[jira] [Commented] (PROTON-2594) Use of HSM for crypto opterations with the private key of a TLS certificate

Wed, 13 Nov 2024 23:22:09 -0800 


    [ 
https://issues.apache.org/jira/browse/PROTON-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17898157#comment-17898157
 ] 

ASF GitHub Bot commented on PROTON-2594:
----------------------------------------

a3f commented on PR #430:
URL: https://github.com/apache/qpid-proton/pull/430#issuecomment-2475596446

   > This PR has some problems for which I have some proposed fixes. The main 
ones being compilation failures on older versions of OpenSSL and a memory leak.
   
   Thanks and sorry for missing those. I now squashed your fixes directly into 
the commits.
   
   > If you can confirm my changes do not break anything in your environment 
with a real hardware security module, I will check this in and add a 
documentation update. My proposed changes are here:
   
   Your changes look fine to me. Feel free to push any commits you want to add 
on top of this PR.
   
   > I will revert the github action back to ubuntu-latest once that advances 
to ubuntu-24.04 in a few weeks.
   
   Sounds good.
   
   > It is unfortunate the software emulation bits of PKCS11 support are 
sufficiently buggy/immature that you had to take extraordinary steps to build a 
custom package and configuration just to get the test to run. Hopefully the 
tests can be altered to use regular distro packages in time.
   
   This is mostly because of the OpenSSL switch from ENGINE to PROVIDER. The 
PKCS#11 Engine is shipped universally, but is now deprecated. The provider is 
getting there.
   
   Thanks again,




> Use of HSM for crypto opterations with the private key of a TLS certificate
> ---------------------------------------------------------------------------
>
>                 Key: PROTON-2594
>                 URL: https://issues.apache.org/jira/browse/PROTON-2594
>             Project: Qpid Proton
>          Issue Type: New Feature
>          Components: cpp-binding, proton-c
>            Reporter: Franz Hollerer
>            Priority: Major
>         Attachments: pn2594.c
>
>
> We use a Hardware Security Module with PKCS#11 Interface (to be more 
> specific: OP-TEE) as key store. This key store holds the public and private 
> key for a TLS certificate for the purpose of client authentication.
> Is there a way to instruct proton-qpid to use the HSM for cryptographic 
> operations with the private key?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

Reply via email to