+1. With one exception: engine_pkcs11 has been subsumed (and merged into) libp11.
I've tested it with a few different PIV tokens (RSA and ECC), and it was great. Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. Original Message From: Nikos Mavrogiannopoulos Sent: Friday, February 19, 2016 09:53 To: [email protected] Reply To: [email protected] Subject: Re: [openssl-dev] Ubsec and Chil engines On Fri, 2016-02-19 at 13:12 +0000, Matt Caswell wrote: > As far as I know there are some customers using the Chil engine > > with > > RHEL (openssl-1.0.1). > > How do you feel about the engine being spun out into a separate repo? > That of course assumes that a volunteer can be found to maintain it > (I > don't believe anyone on the dev team wishes to do so). > > If no such volunteer can be found how big a deal is it to remove it > from > 1.1.0 without a replacement? Obviously it won't be taken out of > 1.0.1/1.0.2. Of course there's no reason, even if we take it out now, > that if someone needs it badly enough in the future that they > couldn't forward port the 1.0.2 version to 1.1.0 and maintain it > themselves at that point. It may even be better, instead of pushing for different engines for different hardware, to make PKCS#11 the only API used to talk to hardware. There is a quite functional (and active as project) pkcs11 engine for openssl [0]. regards, Nikos [0]. https://github.com/OpenSC/engine_pkcs11 -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
