I have tried to create a patch to provide engine(3) support to Flood. Currently the patch hardcodes the engine to "pkcs11", which is the engine available in the Sun Niagara. The patch also assumes that the following line is added to config.h

#define HAVE_OPENSSL_ENGINE_H 1

since the code is #ifdef with that define.

Ideally, one would get the engine name from the XML config but I haven't wrapped my head over the apr_xml APIs as yet.

If anybody has access to a Niagara and can test it out, I would really appreciate it. According to this blog entry, the Niagara has some very impressive RSA perf

http://blogs.sun.com/roller/page/chichang1

Regards,
Yusuf

Index: flood_net_ssl.c =================================================================== --- flood_net_ssl.c (revision 386242) +++ flood_net_ssl.c (working copy) @@ -29,6 +29,10 @@ #if FLOOD_HAS_OPENSSL +#if HAVE_OPENSSL_ENGINE_H +#include <openssl/engine.h> +#endif + #define OPENSSL_THREAD_DEFINES #include <openssl/ssl.h> #include <openssl/err.h> @@ -135,8 +139,34 @@ #if APR_HAS_THREADS int i, numlocks; #endif +#if HAVE_OPENSSL_ENGINE_H + ENGINE *e; +#endif + apr_file_t *local_stderr; ssl_pool = pool; + apr_file_open_stderr(&local_stderr, ssl_pool); +#if HAVE_OPENSSL_ENGINE_H +#if OPENSSL_VERSION_NUMBER >= 0x00907000L + ENGINE_load_builtin_engines(); +#endif + if (!(e = ENGINE_by_id("pkcs11"))) { + apr_file_printf(local_stderr, "could not find pkcs11 engine"); + exit(-1); + } + if(!ENGINE_init(e)) { + ENGINE_free(e); + apr_file_printf(local_stderr, "could not init pkcs11 engine"); + exit(-1); + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { + ENGINE_free(e); + apr_file_printf(local_stderr, "could not set all defaults"); + exit(-1); + } + ENGINE_finish(e); + ENGINE_free(e); +#endif SSL_library_init(); OpenSSL_add_ssl_algorithms();
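
Review bot: In the first hunk (@@ -29,6 +29,10 @@) the new #include <openssl/engine.h> is placed ahead of #define OPENSSL_THREAD_DEFINES, which the existing code put before every other OpenSSL header; moving the include below that define, next to <openssl/ssl.h>, keeps the ordering the file already relied on. The guard is also written as #if HAVE_OPENSSL_ENGINE_H while the message describes it as #ifdef, and the macro has to be added to config.h by hand; a configure check for openssl/engine.h together with #ifdef would make the feature build without manual edits.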
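
Review bot: In the second hunk (@@ -135,8 +139,34 @@) all three failure paths call exit(-1) from the SSL initialisation code, so a build with HAVE_OPENSSL_ENGINE_H set cannot run at all on a host that has no "pkcs11" engine; logging the failure and continuing with the software implementation, and taking the engine id from configuration as the message already proposes, would avoid that. ENGINE_set_default(e, ENGINE_METHOD_ALL) hands every method class to the engine, RAND included; if RSA offload is the goal, ENGINE_METHOD_RSA is the narrower choice. Smaller points: the ENGINE_set_default failure path calls ENGINE_free(e) without ENGINE_finish(e) although ENGINE_init succeeded, the three messages have no trailing newline and the OpenSSL error queue is not printed, and local_stderr is declared and opened outside the #if, so it is set up even when engine support is compiled out and the return value of apr_file_open_stderr is never checked.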