Hey there, Joe; No idea how I didn't detect this much sooner. I have access to hardware security modules with PKCS11 interfaces for key operations and would be happy to put this through it's paces. The 2.5 docs are fairly light (note, this 2.4 patch seems to be missing docs) on how to test this out. Pointers appreciated if you have a working recipe.
On 2019/08/28 12:15:02 [email protected] wrote: > Author: jorton > Date: Wed Aug 28 12:15:01 2019 > New Revision: 1866035 > > URL: http://svn.apache.org/viewvc?rev=1866035&view=rev > Log: > Proposed mod_ssl PKCS#11 cert/key support. > > Modified: > httpd/httpd/branches/2.4.x/STATUS > > Modified: httpd/httpd/branches/2.4.x/STATUS > URL: > http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1866035&r1=1866034&r2=1866035&view=diff > ============================================================================== > --- httpd/httpd/branches/2.4.x/STATUS (original) > +++ httpd/httpd/branches/2.4.x/STATUS Wed Aug 28 12:15:01 2019 > @@ -160,6 +160,21 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: > rpluem says: -1 for now. See further discussion at > https://bz.apache.org/bugzilla/show_bug.cgi?id=63503 > > + *) mod_ssl: Add support for loading certs & keys from PKCS#11 URLs via the > + OpenSSL pkcs11 engine. Includes related minor cleanups and > + simplification to mod_ssl internals. > + trunk patch: http://svn.apache.org/r1830819 > + http://svn.apache.org/r1830912 > + http://svn.apache.org/r1830913 > + http://svn.apache.org/r1830927 > + http://svn.apache.org/r1831168 > + http://svn.apache.org/r1831173 > + http://svn.apache.org/r1835240 > + http://svn.apache.org/r1835242 > + http://svn.apache.org/r1835615 > + 2.4.x patch: http://people.apache.org/~jorton/mod_ssl_pkcs11.patch > + +1: jorton, > + > PATCHES/ISSUES THAT ARE BEING WORKED > [ New entries should be added at the START of the list ] > > > > -- Daniel Ruggeri
