https://issues.apache.org/bugzilla/show_bug.cgi?id=57510
--- Comment #3 from Pichulin Dmitrii <[email protected]> --- (In reply to Kaspar Brand from comment #2) > Thanks for the patch - it would be a fairly superficial support for > engine-based keys, though. If we really want to support this feature (so > far, the SSLCryptoDevice is targeting the accelerator-only case), then we > should consider adding a more flexible mechanism. See e.g. > > https://mail-archives.apache.org/mod_mbox/httpd-dev/200402.mbox/ > %3C1077205315.13155.15.camel%40dyn95394216.austin.ibm.com%3E > > and bug 42687, bug 42688 (or bug 51296, which specifically mentions > SSLCryptoDeviceCtrl). First: Our patch provides exactly what is stated. Kaspar Brand said that this is "fairly superficial support for engine-based keys" but at this point of time Apache httpd can not load private keys from tokens at all. This functionality is becoming more and more crucial over time. Our patch can simply add this functionality without any consequences. It can be upgraded later with a better solution if its needed. Second: Our vision is that OpenSSL is preconfigured and SSLCertificateKeyFile just use ENGINE_by_id (and then ENGINE_load_private_key) for getting already initialized ENGINE (initialized by OpenSSL config). Your vision is that OpenSSL should be configured by Apache httpd, can you provide information why? -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
