[jira] [Commented] (PROTON-2594) Use of HSM for crypto opterations with the private key of a TLS certificate

Tue, 29 Oct 2024 12:01:16 -0700 


    [ 
https://issues.apache.org/jira/browse/PROTON-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17893961#comment-17893961
 ] 

ASF GitHub Bot commented on PROTON-2594:
----------------------------------------

astitcher commented on PR #430:
URL: https://github.com/apache/qpid-proton/pull/430#issuecomment-2445099977

   > I added a `pkc11_test` that receives `pkcs11:` URIs for both server and 
client certificates and keys via environment variables. A script executed by CI 
adds the PEM files available in tree to a SoftHSM and exports said environment 
variables.
   > 
   > The test is skipped without being marked as failure whenever the 
environment variables are missing as not break other users running the test 
suite, but lacking the prerequisites.
   > 
   > This works fine locally, but unfortunately fails in CI and I am not sure 
why.
   > 
   > @astitcher How would you go about debugging issues that only fail in CI? I 
tried https://github.com/nektos/act, but I don't have a docker image that looks 
sufficiently enough like the Github runner VM images, so it's able to execute 
the tests as-is.
   
   I'm not aware of anything specific. I guess adding extra debugging output 
until you can figure out enough to make it fail in your local environment too. 
I know that's not very helpful - sorry :-(




> Use of HSM for crypto opterations with the private key of a TLS certificate
> ---------------------------------------------------------------------------
>
>                 Key: PROTON-2594
>                 URL: https://issues.apache.org/jira/browse/PROTON-2594
>             Project: Qpid Proton
>          Issue Type: New Feature
>          Components: cpp-binding, proton-c
>            Reporter: Franz Hollerer
>            Priority: Major
>         Attachments: pn2594.c
>
>
> We use a Hardware Security Module with PKCS#11 Interface (to be more 
> specific: OP-TEE) as key store. This key store holds the public and private 
> key for a TLS certificate for the purpose of client authentication.
> Is there a way to instruct proton-qpid to use the HSM for cryptographic 
> operations with the private key?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

Reply via email to