Hi all,

Is someone else interested in providing feedback for my patch?

Regards,
Thomas.

On Mon, Nov 3, 2014 at 11:30 PM, Thomas Calderon <calderon.tho...@gmail.com> wrote:
> Hi Piotr,
>
> I was not aware that some efforts were ongoing to use PKCS#11 devices with
> nginx.
> However, my experience with OpenSSL engine support is that the code is
> dusty, rather limited and relies on external configuration files.
> Dmitrii's approach requires stacking the OpenSSL engine code and OpenSC's
> engine_pkcs11, which ends up loading the real PKCS#11 middleware.
> OpenSSL tends to perform multiple engine initialization which can confuse
> the PKCS#11 shared library. Using the engine section in openssl.cnf ties
> you up with a system-wide defined middleware.
>
> I would rather advocate for a more direct and self-contained approach.
>
> Regards,
>
> Thomas Calderon.
>
> On Mon, Nov 3, 2014 at 10:50 PM, Piotr Sikora <pi...@cloudflare.com>
> wrote:
>
>> Hi Thomas,
>>
>> > This patch leverages PKCS#11 support in nginx http module using libp11.
>> > This allows the private key to be stored in a dedicated hardware (or
>> > software) component.
>>
>> Dmitrii Pichulin is already working on (IMHO) much better way to
>> handle PKCS#11 via OpenSSL engines:
>> http://mailman.nginx.org/pipermail/nginx-devel/2014-August/005740.html
>>
>> Best regards,
>> Piotr Sikora

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel