[jira] [Commented] (PROTON-2594) Use of HSM for crypto opterations with the private key of a TLS certificate

Wed, 13 Nov 2024 18:55:52 -0800 


    [ 
https://issues.apache.org/jira/browse/PROTON-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17898114#comment-17898114
 ] 

ASF GitHub Bot commented on PROTON-2594:
----------------------------------------

cliffjansen commented on PR #430:
URL: https://github.com/apache/qpid-proton/pull/430#issuecomment-2475308160

   This PR has some problems for which I have some proposed fixes.  The main 
ones being compilation failures on older versions of OpenSSL and a memory leak.
   
   If you can confirm my changes do not break anything in your environment with 
a real hardware security module, I will check this in and add a documentation 
update.  My proposed changes are here:
   
     https://github.com/cliffjansen/qpid-proton/tree/pn2594_wip
   
   I will revert the github action back to ubuntu-latest once that advances to 
ubuntu-24.04 in a few weeks.
   
   It is unfortunate the software emulation bits of PKCS11 support are 
sufficiently buggy/immature that you had to take extraordinary steps to build a 
custom package and configuration just to get the test to run.  Hopefully the 
tests can be altered to use regular distro packages in time.
   




> Use of HSM for crypto opterations with the private key of a TLS certificate
> ---------------------------------------------------------------------------
>
>                 Key: PROTON-2594
>                 URL: https://issues.apache.org/jira/browse/PROTON-2594
>             Project: Qpid Proton
>          Issue Type: New Feature
>          Components: cpp-binding, proton-c
>            Reporter: Franz Hollerer
>            Priority: Major
>         Attachments: pn2594.c
>
>
> We use a Hardware Security Module with PKCS#11 Interface (to be more 
> specific: OP-TEE) as key store. This key store holds the public and private 
> key for a TLS certificate for the purpose of client authentication.
> Is there a way to instruct proton-qpid to use the HSM for cryptographic 
> operations with the private key?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

Reply via email to