LCertificateHandling
# HG changeset patch
# User Nikos Mavrogiannopoulos
# Date 1434720898 -7200
# Fri Jun 19 15:34:58 2015 +0200
# Branch pkcs11
# Node ID 0870b441d666234edd95578ae740f24554179b68
# Parent 311d232ad803c8580c498763710005b91d30b748
Allow loading a PKCS #11 URL (RFC7512) from
On Fri, 2015-06-19 at 17:07 +0300, Maxim Dounin wrote:
>
> Have you tried
> ssl_certificate_key
> "engine:pkcs11:model=SoftHSM%20v2serial=f0490bea35;pin-value=1234";
> instead?
> I don't see how it's different from the code you propose.
Hi,
Yes, I've tried it. It would be specified as:
"engine:
On Mon, 2015-06-22 at 04:11 +0300, Maxim Dounin wrote:
>
> > Hi,
> > Yes, I've tried it. It would be specified as:
> > "engine:pkcs11:pkcs11:model=SoftHSM%20v2serial=f0490bea35;pin
> > -value=1234";
> >
> > But doesn't work, because it doesn't initialize the pkcs11 engine.
> Shouldn't initializa
On Mon, 2015-06-22 at 11:06 +0200, Nikos Mavrogiannopoulos wrote:
>
> The current support relies on engine_pkcs11, which is a 3rd party
> module (not in openssl distribution). It should be future-proof to
> have
> a way to load PKCS #11 modules which is independent of the backe
On Fri, 2015-06-19 at 15:49 +0200, Nikos Mavrogiannopoulos wrote:
> Hello,
> The attached patch allows loading PKCS #11 URLs in the
> ssl_certificate_key.
The attached patch set enhances that support by allowing PKCS #11 URLs
in the certificate field as well. As it is now nginx can
On Sun, 2015-07-26 at 00:20 +0800, Anthony Alba wrote:
> Hi developers,
>
> I am using nginx with an OpenSSL engine (Safenet Luna) which is a
> wrapper over PKCS#11.
> The handles returned by ENGINE_load_private_key cannot be used in child
> processes, aka, workers due to PKCS#11, thus causing SSL c
On Sun, 2015-07-26 at 00:20 +0800, Anthony Alba wrote:
> Hi developers,
>
> I am using nginx with an OpenSSL engine (Safenet Luna) which is a
> wrapper over PKCS#11.
>
> The handles returned by ENGINE_load_private_key cannot be used in child
> processes, aka, workers due to PKCS#11, thus causing SS