
Re: [PATCH] Support loading server certificate from HW token

Пичулин Дмитрий Николаевич
May 08, 2020 03:54PM
I dipped into the problem and came to the conclusion that this proposal cannot be used as a general one.

First, although the ctrl number could be passed in the directive itself, for example "engine:pkcs11:205:slot_0-id_00", where 205 corresponds to CMD_LOAD_CERT_CTRL (ENGINE_CMD_BASE + 5 = 200 + 5), the argument "params" is too specific for this command; in fact, it is a binding to a specific non-extensible interface of a particular ENGINE command.

Secondly, this is actually a binding to a bad interface, which is not able to return the certificate chain: CMD_LOAD_CERT_CTRL returns only the leaf certificate.

Therefore, I do not see how this can be used outside of the pkcs11 ENGINE, and I do not see how this can be used in production without a certificate chain.