[jira] [Commented] (PROTON-2594) Use of HSM for crypto opterations with the private key of a TLS certificate

Wed, 30 Oct 2024 04:25:20 -0700 


    [ 
https://issues.apache.org/jira/browse/PROTON-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17894168#comment-17894168
 ] 

ASF GitHub Bot commented on PROTON-2594:
----------------------------------------

a3f commented on PR #430:
URL: https://github.com/apache/qpid-proton/pull/430#issuecomment-2446700159

   > Hmm, have you made sure that the CI image actually has the relevant 
openssl modules for the softhsm? Maybe you need to apt install something to 
make the test work in the CI envioronment.
   
   Yes, that's what the `apt install pkcs11-provider` was for. I managed to 
reproduce in a ubuntu-24.04 container. The pkcs11-provider shipped there was 
the culprit. I now build the pkcs11-provider manually and the tests pass 
finally: https://github.com/a3f/qpid-proton/actions/runs/11591599162.
   
   > If at all possible I'd really like to maintain this distinction for these 
tests too.
   
   I can understand that, but most users will likely not run the PKCS#11 tests 
anyway, because there are more prerequisites than the C++ compiler (Linux, 
softhsm2, pkcs11-provider, OpenSSL > 3.0).
   Unfortunately, this side quest with debugging the CI has more than depleted 
the time I have alotted for this, so I won't be able to rewrite the test myself 
anytime soon.




> Use of HSM for crypto opterations with the private key of a TLS certificate
> ---------------------------------------------------------------------------
>
>                 Key: PROTON-2594
>                 URL: https://issues.apache.org/jira/browse/PROTON-2594
>             Project: Qpid Proton
>          Issue Type: New Feature
>          Components: cpp-binding, proton-c
>            Reporter: Franz Hollerer
>            Priority: Major
>         Attachments: pn2594.c
>
>
> We use a Hardware Security Module with PKCS#11 Interface (to be more 
> specific: OP-TEE) as key store. This key store holds the public and private 
> key for a TLS certificate for the purpose of client authentication.
> Is there a way to instruct proton-qpid to use the HSM for cryptographic 
> operations with the private key?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

Reply via email to