Re: OpenSSL PKCS#11 Engine cannot be reused in child process, worker SSL sessions fail

Maxim Dounin
July 26, 2015 03:26PM
Hello!

On Sun, Jul 26, 2015 at 12:20:25AM +0800, Anthony Alba wrote:

> Hi developers,
>
> I am using nginx with an OpenSSL engine (Safenet Luna) which is a
> wrapper over PKCS#11.
>
> The handles returned by ENGINE_load_private_key cannot be used in child
> processes, aka, workers due to PKCS#11, thus causing SSL connection
> errors.
>
> The private key seems to be loaded in ngx_ssl_certificate(); is there
> a way to tell nginx to call this function per child process?

That's not something nginx is expected to do. It's the engine's
responsibility to properly handle fork() calls. This was already
discussed in this list at least twice.

--
Maxim Dounin
http://nginx.org/
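
Added example (not part of the original post, and not code from nginx, OpenSSL or the Luna engine): a sketch of an engine-side wrapper that notices it is running in a forked worker and sets its token session up again, next to a naive one that reuses the master's handle. The `mock_token_*` functions and all other names are hypothetical stand-ins for a PKCS#11 module whose session is assumed to be valid only in the process that opened it.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed mock token (hypothetical, not a real PKCS#11 API): a session
 * is usable only in the process that opened it. */
static pid_t session_owner = -1;
static void mock_token_open(void) { session_owner = getpid(); }
static int mock_token_sign(void) { return session_owner == getpid() ? 0 : -1; }

/* Naive engine: keeps using the handle the master process obtained. */
static int naive_sign(void) { return mock_token_sign(); }

/* Fork-aware engine: records the PID that set up the session and sets it
 * up again when called from a different process. */
static pid_t init_pid = -1;
static int forkaware_sign(void) {
    if (init_pid != getpid()) {
        /* With a real module the child would re-initialise the library,
         * open a new session, log in and look the key up again here. */
        mock_token_open();
        init_pid = getpid();
    }
    return mock_token_sign();
}

/* What happens before fork(): the key is loaded once in the master. */
static void master_load_key(void) { mock_token_open(); init_pid = getpid(); }

/* Run fn in a forked worker; returns 0 if it succeeded there, 1 if it
 * failed there, -1 if the worker could not be run. */
static int run_in_worker(int (*fn)(void)) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(fn() == 0 ? 0 : 1);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    master_load_key();
    printf("master, naive:      %d\n", naive_sign());
    printf("worker, naive:      %d\n", run_in_worker(naive_sign));
    printf("worker, fork-aware: %d\n", run_in_worker(forkaware_sign));
    return 0;
}
```

The PID comparison runs on every call, so the master's own session is left untouched and each worker pays the setup cost once, on its first use of the key.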
