https://bz.apache.org/bugzilla/show_bug.cgi?id=69481

--- Comment #6 from Joe Orton <jor...@redhat.com> ---
Thanks - a few notes:

- If you use "SSLCryptoDevice pkcs11" the PKCS#11 ENGINE will be set as the
global default in OpenSSL. I think this is (almost always) undesirable if you
only really want to route key signing operations via the HSM for the configured
keypair.

- mod_ssl supports PKCS#11 URIs in SSLCertificateCertFile/KeyFile directly
since httpd 2.4.44 - this is backported into RHEL8's httpd 2.4.37, though some
later fixes/changes will not be present.

- All the errors in the systemd log are being emitted to stderr by something
other than httpd, so I guess the PKCS#11 module or ENGINE - these are not
familiar to me -

Dec 03 15:46:53 101rhel httpd[240295]: error is c0000001, RC_MEMORY_ALLOCATION
Dec 03 15:46:53 101rhel httpd[240295]: error is c0000001, RC_MEMORY_ALLOCATION
Dec 03 15:46:53 101rhel httpd[240295]: error is c0000001, RC_MEMORY_ALLOCATION
Dec 03 15:46:53 101rhel httpd[240295]: error is c0000001, RC_MEMORY_ALLOCATION
Dec 03 15:46:53 101rhel httpd[240295]: error is c0000001, RC_MEMORY_ALLOCATION
Dec 03 15:46:53 101rhel httpd[240295]: error is c0000001, RC_MEMORY_ALLOCATION
...
Dec 03 15:51:52 101rhel httpd[240542]: Error message is : error:1408F119:SSL
routines:ssl3_get_record:decryption >
Dec 03 15:51:52 101rhel httpd[240542]: Error message is : error:140E0197:SSL
routines:SSL_shutdown:shutdown while>
Dec 03 15:51:52 101rhel httpd[240315]: SSL Error is (5 : 104 )

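The two configurations contrasted in the first two notes above, as an added example that is not part of the bug report or of httpd's own files. It uses the directive names from the mod_ssl documentation (SSLCertificateFile, SSLCertificateKeyFile); the host name, token name and object id are constructed placeholders, and it assumes a build with the PKCS#11 URI support the comment describes.

```apache
# Pattern the first note flags (shown commented out): naming the engine in
# SSLCryptoDevice makes the PKCS#11 ENGINE the global default in OpenSSL.
#SSLCryptoDevice pkcs11

# Alternative from the second note: identify the HSM-held keypair by
# PKCS#11 URI in the certificate/key directives of the vhost that needs it.
# "Example%20Token" and id=%01 are constructed placeholders, not values
# from the bug report.
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    "pkcs11:token=Example%20Token;id=%01;type=cert"
    SSLCertificateKeyFile "pkcs11:token=Example%20Token;id=%01;type=private"
</VirtualHost>
```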