On Fri, 2016-02-19 at 13:12 +0000, Matt Caswell wrote: > As far as I know there are some customers using the Chil engine > > with > > RHEL (openssl-1.0.1). > > How do you feel about the engine being spun out into a separate repo? > That of course assumes that a volunteer can be found to maintain it > (I > don't believe anyone on the dev team wishes to do so). > > If no such volunteer can be found how big a deal is it to remove it > from > 1.1.0 without a replacement? Obviously it won't be taken out of > 1.0.1/1.0.2. Of course there's no reason, even if we take it out now, > that if someone needs it badly enough in the future that they > couldn't forward port the 1.0.2 version to 1.1.0 and maintain it > themselves at that point.
It may even be better, instead of pushing for different engines for different hardware, to make PKCS#11 the only API used to talk to hardware. There is a quite functional (and active as project) pkcs11 engine for openssl [0]. regards, Nikos [0]. https://github.com/OpenSC/engine_pkcs11 -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
