Hello! On Fri, Jun 19, 2015 at 03:49:48PM +0200, Nikos Mavrogiannopoulos wrote:
> > Hello, > The attached patch allows loading PKCS #11 URLs in the > ssl_certificate_key. > > That is, one only needs to specify: > ssl_certificate_key "pkcs11:model=SoftHSM%20v2serial=f0490bea35;pin > -value=1234" > > to access a key in a HSM. That's the only step required. > That extends the previous approach which is generic, but tedious, and > requires modifying openssl config files shared with other apps. > See [0] for comparison. Have you tried ssl_certificate_key "engine:pkcs11:model=SoftHSM%20v2serial=f0490bea35;pin-value=1234"; instead? I don't see how it's different from the code you propose. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
