Hi William,

With HAProxy Conf and HAProxy 3.2 out of the way, I was wondering if you had some time to give this a look over?

Thanks, Chris.

> On 9 May 2025, at 18:32, William Lallemand <[email protected]> wrote:
>
> On Thu, May 08, 2025 at 03:50:20PM +0100, Christopher Staite wrote:
>> Subject: Re: [PATCH] FEATURE: pkcs11: add support for PKCS#11
>> Hi William,
>>
>> Finally found some time to "finish" this off. There is now a varnish test
>> for AWS-LC with both RSA and ECDSA. I’ve tested it out with Google KMS
>> module
>> (https://github.com/GoogleCloudPlatform/kms-integrations/releases?q=pkcs%2311&expanded=true)
>> on GCP and it appears to function as expected.
>>
>> Sorry it’s 3000 lines of new code, but I broke it down into modules which
>> should hopefully make it more readable. Pretty much all of the code is
>> gated behind a new non-default feature (PKCS11), so shouldn’t be too much of
>> a risk.
>>
>> Future improvements:
>> - Support for OpenSSL Engine (3+) and OpenSSL Providers (1.x) to avoid
>> having to use an external PKCS#11 solution
>> - Include testing for Ed25519
>> - Maybe improve error messages in failure cases
>> - More examples (although, maybe this is better suited to the Wiki)
>> - I’m not sure if the code works with Windows and/or macOS, although the
>> full GitHub test suite passes
>>
>> Thanks, Chris.
>>
>
> Thank you for getting us updated, I'm still busy with 3.2 release and the
> preparation of the conference for now. We will take a look at this after the
> 3.2 release. Sorry for letting this aside for now.
>
> Regards,
>
> --
> William Lallemand

