Open gknocke opened 9 years ago
I think if we have an input line like ---- BEGIN X ----
we should assume PEM. Without it, we could assume DER. Then offer an option to give the format explicitly and we make no assumptions.
I wouldn't like to assume that just because it looks like PEM (i.e. it is base 64 encoded) that it must be PEM. And just giving it to OpenSSL and let it try seems ugly: It will log error messages we have to clear and maybe other stuff.
I suggested we make a detection of our own (maybe OpenSSL even has something for this?) that uses the above condition to decide the format. So kind of a hybrid between both. I especially like the convenience this gives to users.
Seems this is part of external interfaces, right? The library receives the final structures, so this is a decision our interfaces make.
Openssl defines "-inform", "-keyform" etc. We have two possibilities here when parsing input parameters by ourselves:
What would you prefer?