All, I toyed over the weekend with resurrecting CHIL: intermediate result here https://github.com/sctemme/openssl/tree/rescue-chil and I AM NOT PROUD OF THIS but have no cycles to clean it up for at least a couple of days to come. It builds now but doesn't work: my privkey loading routine doesn't get called and that may be an API change I missed.
Can we resurrect CHIL for 1.1 along these lines? Then I'd be delighted to join the discussion about p11 for down the road. S. Sent from my iPhone > On Feb 22, 2016, at 10:00 AM, Richard Levitte <levi...@openssl.org> wrote: > > In message > <347004c001fd430aadadceac908e6...@ustx2ex-dag1mb1.msg.corp.akamai.com> on > Mon, 22 Feb 2016 14:46:28 +0000, "Salz, Rich" <rs...@akamai.com> said: > > rsalz> > If we integrate the support natively into OpenSSL, then PKCS#11 URIs > (see > rsalz> > RFC7512) can be first-class citizens throughout the crypto and SSL > APIs. Any > rsalz> > function which takes a filename for a cert or key should also > accept¹ a > rsalz> > PKCS#11 URI. > rsalz> > rsalz> It'd be great to see a crypto/pkcs11 directory with full native > support (as much as possible). > rsalz> > rsalz> But really doubtful to happen in 1.1 as the API freeze is in a month. > > Yeah, 1.1 is unrealistic, I'm sorry to say. > > -- > Richard Levitte levi...@openssl.org > OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users