On Sun, 2015-07-26 at 00:20 +0800, Anthony Alba wrote:
> Hi developers,
>
> I am using nginx with an OpenSSL engine (Safenet Luna) which is a
> wrapper over PKCS#11.
>
> The handles return by ENGINE_load_private_key cannot be used in child
> processes, aka, workers due to PKCS#11, thus causing
On Sun, 2015-07-26 at 00:20 +0800, Anthony Alba wrote:
Hi developers,
I am using nginx with an OpenSSL engine (Safenet Luna) which is a
wrapper over PKCS#11.
The handles return by ENGINE_load_private_key cannot be used in child
processes, aka, workers due to PKCS#11, thus causing SSL
On Fri, 2015-06-19 at 15:49 +0200, Nikos Mavrogiannopoulos wrote:
Hello,
The attached patch allows loading PKCS #11 URLs in the
ssl_certificate_key.
The attached patch set enhances that support by allowing PKCS #11 URLs
in the certificate field as well. As it is now nginx can work
On Mon, 2015-06-22 at 11:06 +0200, Nikos Mavrogiannopoulos wrote:
The current support relies on engine_pkcs11, which is a 3rd party
module (not in openssl distribution). It should be future-proof to
have
a way to load PKCS #11 modules which is independent of the backend
used
by nginx
On Mon, 2015-06-22 at 04:11 +0300, Maxim Dounin wrote:
Hi,
Yes, I've tried it. It would be specified as:
engine:pkcs11:pkcs11:model=SoftHSM%20v2serial=f0490bea35;pin
-value=1234;
But doesn't work, because it doesn't initialize the pkcs11 engine.
Shouldn't initialization of an
# HG changeset patch
# User Nikos Mavrogiannopoulos n...@redhat.com
# Date 1434720898 -7200
# Fri Jun 19 15:34:58 2015 +0200
# Branch pkcs11
# Node ID 0870b441d666234edd95578ae740f24554179b68
# Parent 311d232ad803c8580c498763710005b91d30b748
Allow loading a PKCS #11 URL (RFC7512) from