Hi all,

Is someone else interested in providing feedback for my patch ?

Regards,

Thomas.

On Mon, Nov 3, 2014 at 11:30 PM, Thomas Calderon <calderon.thomas@gmail.com>
wrote:

> Hi Piotr,
>
> I was not aware that some efforts were ongoing to use PKCS#11 devices with
> nginx.
> However, my experience with OpenSSL engine support is that the code is
> dusty, rather limited and relies on external configuration files.
> Dmitrii's approach requires to stack the OpenSSL engine code and OpenSC's
> engine_pkcs11 which ends-up loading the real PKCS#11 middleware.
> OpenSSL tends to perform multiple engine initialization which can confuse
> the PKCS#11 shared library. Using the engine section in openssl.cnf ties
> you up with a system-wide defined middleware.
>
> I would rather advocate for a more direct and self-contained approach.
>
> Regards,
>
> Thomas Calderon.
>
> On Mon, Nov 3, 2014 at 10:50 PM, Piotr Sikora <piotr@cloudflare.com>
> wrote:
>
>> Hi Thomas,
>>
>> > This patch leverages PKCS#11 support in nginx http module using libp11.
>> > This allows the private key to be stored in a dedicated hardware (or
>> > software) component.
>>
>> Dmitrii Pichulin is already working on (IMHO) much better way to
>> handle PKCS#11 via OpenSSL engines:
>> http://mailman.nginx.org/pipermail/nginx-devel/2014-August/005740.html
>>
>> Best regards,
>> Piotr Sikora
>>
>> _______________________________________________
>> nginx-devel mailing list
>> nginx-devel@nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>>
>
>
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel