I dipped into the problem and came to the conclusion that this proposal cannot be used as a general one.
First, although the ctrl number could be passed in the directive itself, for example "engine:pkcs11:205:slot_0-id_00", where 205 corresponds to CMD_LOAD_CERT_CTRL (ENGINE_CMD_BASE + 5 = 200 + 5), the argument "params" is too specific for this command, in fact, it is a binding to a specific non-extensible interface of a particular ENGINE command.
Secondly, this binding to a bad interface actually, which is not able to return the certificate chain, CMD_LOAD_CERT_CTRL returns only the leaf certificate.
Therefore, I do not see how this can be used outside of pkcs11 ENGINE and I do not see how this can be used in a production without a certificate chain.
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel