Hello!
On Fri, May 18, 2018 at 04:36:53AM -0400, Anderson Sasaki wrote:
> Hello,
>
> > The patch looks correct to me. Though it causes a segmentation
> > faults within pkcs11 engine when using such loaded keys at least
> > on Ubuntu 18.04 (OpenSSL 1.1.0g, pkcs11 engine from libp11 0.4.7).
> >
Hello,
> The patch looks correct to me. Though it causes a segmentation
> faults within pkcs11 engine when using such loaded keys at least
> on Ubuntu 18.04 (OpenSSL 1.1.0g, pkcs11 engine from libp11 0.4.7).
> Segmentation faults can be reproduced with the test you've sent
> earlier.
>
> Using
Hello!
On Thu, May 10, 2018 at 12:42:58PM -0400, Anderson Sasaki wrote:
> Hello,
>
> Thanks again for the feedback.
>
> > In no particular order:
> >
> > - Should be "SSL: added ..." (no capital letter after a semicolon,
> > prefer past tense).
> >
> > - An empty line after the summary.
>
Hello,
Thanks again for the feedback.
> In no particular order:
>
> - Should be "SSL: added ..." (no capital letter after a semicolon,
> prefer past tense).
>
> - An empty line after the summary.
>
> - Please prefer double spacing.
>
> - "uniNItialized"
The proposed changes were applied
Hello!
On Fri, Apr 27, 2018 at 11:27:57AM -0400, Anderson Sasaki wrote:
> Hello,
>
> > > > In my opinion it would be better to have nginx working with engines in
> > > > both scenarios.
> > > > And is not a problem to call ENGINE_init() from multiple places, since
> > > > the API takes care of
Hello,
> > > In my opinion it would be better to have nginx working with engines in
> > > both scenarios.
> > > And is not a problem to call ENGINE_init() from multiple places, since
> > > the API takes care of this case.
> >
> > I'll check these statements in your next patch, but for now it
> >
Hello!
On Thu, Apr 26, 2018 at 07:31:37PM +, Пичулин Дмитрий Николаевич wrote:
> > In my opinion it would be better to have nginx working with engines in both
> > scenarios.
> > And is not a problem to call ENGINE_init() from multiple places, since the
> > API takes care of this case.
>
>
> In my opinion it would be better to have nginx working with engines in both
> scenarios.
> And is not a problem to call ENGINE_init() from multiple places, since the
> API takes care of this case.
I'll check these statements in your next patch, but for now it seems an odd
functionality to
Hello,
Thank you for your feedback.
> > # HG changeset patch
> > # User Anderson Toshiyuki Sasaki
> > # Date 1524670310 -7200
> > # Wed Apr 25 17:31:50 2018 +0200
> > # Node ID f916a804d526c1acb493c7c4e5c114d947e0eed1
> > # Parent
Hello,
> The original patch was tested on the same setup:
> http://mailman.nginx.org/pipermail/nginx-devel/2014-October/006151.html
>
> Do you insist that it does not work in the current state?
Yes, the problem is that the automatic initialization only take place for the
default engines, which
Hello!
On Wed, Apr 25, 2018 at 11:52:45AM -0400, Anderson Sasaki wrote:
> # HG changeset patch
> # User Anderson Toshiyuki Sasaki
> # Date 1524670310 -7200
> # Wed Apr 25 17:31:50 2018 +0200
> # Node ID f916a804d526c1acb493c7c4e5c114d947e0eed1
> # Parent
The original patch was tested on the same setup:
http://mailman.nginx.org/pipermail/nginx-devel/2014-October/006151.html
Do you insist that it does not work in the current state?
___
nginx-devel mailing list
nginx-devel@nginx.org
Hello,
> Typically engines initialize themselves in bind(), if not, they are
> initialized by openssl.cnf ("default_algorithms"), why use "init = 0" in
> your openssl config and rely this openssl engine stuff to nginx?
Following the OpenSSL documentation, the application is responsible for
Typically engines initialize themselves in bind(), if not, they are initialized
by openssl.cnf ("default_algorithms"), why use "init = 0" in your openssl
config and rely this openssl engine stuff to nginx?
___
nginx-devel mailing list
Hello,
Following there is a test using the engine_pkcs11 [0] and softhsm [1].
The key is referenced in the device using PKCS#11 URI [2].
The test was based on an existing test, ssl_engine_keys.t
[0] https://github.com/OpenSC/libp11
[1] https://github.com/opendnssec/SoftHSMv2
[2]
15 matches
Mail list logo