Welcome! Log In Create A New Profile

Re: [PATCH 0 of 1] allow to use engine keyform for server private key

Forum List Message List New Topic Print View

Piotr Sikora

March 25, 2014 04:12PM

Hey Maxim,

> I too think it would be good, but I'm not sure it's at all
> possible. OpenSSL interface seems to allow to load public key
> from an engine, but not a certificate. I may be wrong though.

We could use engine's STORE_METHOD, as it gives us access to:
STORE_get_certificate(), STORE_get_private_key(), STORE_get_crl() and
STORE_get_arbitrary() and use the old ENGINE_load_private_key() as the
fallback in case engine doesn't provide STORE_METHOD.

Best regards,
Piotr Sikora

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
[PATCH 0 of 1] allow to use engine keyform for server private key	Tatiana Kondakova	787	March 25, 2014 08:42AM
[PATCH 1 of 1] add keyform option to SSL config to support loading private key from engine without exporting it to file	Tatiana Kondakova	319	March 25, 2014 08:42AM
Re: [PATCH 0 of 1] allow to use engine keyform for server private key	Maxim Dounin	313	March 25, 2014 01:12PM
Re: [PATCH 0 of 1] allow to use engine keyform for server private key	Piotr Sikora	255	March 25, 2014 02:26PM
Re: [PATCH 0 of 1] allow to use engine keyform for server private key	Maxim Dounin	282	March 25, 2014 02:44PM
Re: [PATCH 0 of 1] allow to use engine keyform for server private key	Piotr Sikora	364	March 25, 2014 04:12PM