http://issues.apache.org/bugzilla/show_bug.cgi?id=42687

Summary: Fully delegate certificate & key semantics to the SSLCryptoDevice
Product: Apache httpd-2
Version: 2.3-HEAD
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]

This bug report is a patch submission, sponsored by nCipher PLC, that provides the minimal changes necessary to:

1. Break the PEM file habit.
2. Disable ssl_engine_pphrase password entry and (asn.1 based) caching of certificates and keys read from those files.
3. Enable a pkcs11 based openssl ENGINE implementation to be used.

The change set introduced by this patch is *not* suitable for production use. Its primary purpose is to stimulate discussion of if/how mod_ssl should be changed to better support HSM managed keys and the pkcs11 standard.

This patch applies the above 3 changes if *any* SSLCryptoDevice is present in the apache config. It assumes the same SSLCryptoDevice is used server wide. No attempt is made to support distinct SSLCryptoDevices on a per (IP) based virtual host basis.

Support for 3 in this patch is limited: It requires that *either* -DONE_PROCESS is specified to apache on startup OR the pkcs11 implementation breaks the "Applications and processes" rules set out in the pkcs11 standard [p 17 PKCS #11 v2.2 6.6.1]. A subsequent patch will lift the restrictions for the worker mpm.

For fuller discussion please see the http-dev thread "Apache2 mod_ssl with HSM support" (started on Tue, 29 May 2007).

http://mail-archives.apache.org/mod_mbox/httpd-dev/200705.mbox/ajax/[EMAIL PROTECTED]"
