Hi, I assume you are building gRPC with OpenSSL.
1. We do have some support for the Engine APIs (https://github.com/grpc/grpc/blob/6534f0a6bfc1cfae6db931f9ee16f480de980374/src/core/tsi/ssl_transport_security.cc#L568) of OpenSSL 1.0.2. Unfortunately, because the feature was implemented quite a while ago, the test (https://github.com/grpc/grpc/blob/3717ff04bafd18504d8613d753d4605927305de3/test/core/end2end/h2_ssl_cert_test.cc#L263) has been broken and yet to be fixed. Regardless of the test, if we assume this still works, would it accommodate your use case? Note that you'd be locked into OpenSSL 1.0.2. 2. If the option 1 above is not viable but OpenSSL Engine APIs will indeed solve your problem. Would you be interested in contributing to supporting this feature for more recent OpenSSL versions (namely, OpenSSL 3)? Please let us know if you got any questions. Best, Luwei On Saturday, September 9, 2023 at 5:29:20 PM UTC-4 GoogleUser Zak wrote: > Hi, > I am looking for a GRPC library implementation/version where a C++ gRPC > client, namely CreateChannel(), can refer to the mTLS private key using > PKCS#11 URI, and therefore the private key doesn't need to be read in the > user space, and will stay in the HSM secure memory. > > Is there a way to use openSSL with pkcs11 engine in the gRPC library? If > so, any pointers about how to create that gRPC library? > > Thanks > -- > Hakim > > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/8d002db7-98f7-4a8d-a472-a8e782f934a2n%40googlegroups.com.
