Re: [PATCH] Support loading server certificate from HW token

Maxim Dounin
May 12, 2020 03:08PM
Hello!

On Fri, May 08, 2020 at 07:53:18PM +0000, Пичулин Дмитрий Николаевич wrote:

> I dipped into the problem and came to the conclusion that this
> proposal cannot be used as a general one.
>
> First, although the ctrl number could be passed in the directive
> itself, for example "engine:pkcs11:205:slot_0-id_00", where 205
> corresponds to CMD_LOAD_CERT_CTRL (ENGINE_CMD_BASE + 5 = 200 +
> 5), the argument "params" is too specific for this command, in
> fact, it is a binding to a specific non-extensible interface of
> a particular ENGINE command.
>
> Secondly, this is actually a binding to a bad interface, which is
> not able to return the certificate chain: CMD_LOAD_CERT_CTRL
> returns only the leaf certificate.
>
> Therefore, I do not see how this can be used outside of the pkcs11
> ENGINE and I do not see how this can be used in production
> without a certificate chain.

Thanks for the review, appreciated.

A possible use case might be to use it for proxy_ssl_certificate,
but I agree that this looks very limited and at most optional.

--
Maxim Dounin
http://mdounin.ru/