On 27/11/2013 12:26, Nick Gearls wrote: > Maybe it's time to remove all redundant code in mod_ssl and use all features > of > OpenSSL; PKCS#11 will then be automatically supported and the maintenance of > mod_ssl will be simplified a lot. >
PKCS#11 support isn't native in OpenSSL though some third party ENGINEs do include partial support. Completely transparent support is tricky (and in some cases impossible) due several factors including the way PKCS#11 handles fork(). Steve. -- Dr Stephen Henson. OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 +1 877-673-6775 shen...@opensslfoundation.com
