Re: [openssl-users] [openssl-dev] Ubsec and Chil engines

All, I toyed over the weekend with resurrecting CHIL: intermediate result here https://github.com/sctemme/openssl/tree/rescue-chil and I AM NOT PROUD OF THIS but have no cycles to clean it up for at least a couple of days to come. It builds now but doesn't work: my privkey loading routine

Re: [openssl-users] [openssl-dev] Ubsec and Chil engines

In message <347004c001fd430aadadceac908e6...@ustx2ex-dag1mb1.msg.corp.akamai.com> on Mon, 22 Feb 2016 14:46:28 +, "Salz, Rich" said: rsalz> > If we integrate the support natively into OpenSSL, then PKCS#11 URIs (see rsalz> > RFC7512) can be first-class citizens

Re: [openssl-users] [openssl-dev] Ubsec and Chil engines

> If we integrate the support natively into OpenSSL, then PKCS#11 URIs (see > RFC7512) can be first-class citizens throughout the crypto and SSL APIs. Any > function which takes a filename for a cert or key should also accept¹ a > PKCS#11 URI. It'd be great to see a crypto/pkcs11 directory with

Re: [openssl-users] [openssl-dev] Ubsec and Chil engines

In message <1456140741.4735.272.ca...@infradead.org> on Mon, 22 Feb 2016 11:32:21 +, David Woodhouse said: dwmw2> On Sat, 2016-02-20 at 22:55 +0100, Richard Levitte wrote: dwmw2> > dwmw2> > sander> What I would like to see though is for such a PKCS#11 Engine dwmw2> >

Re: [openssl-users] [openssl-dev] Ubsec and Chil engines

On 20 February 2016 at 21:40, Sander Temme wrote: > However, I’m intrigued by the notion of a PKCS#11 Engine in OpenSSL: it’s > a standard (an OASIS standard now); it’s fairly fully featured; everyone in > the industry supports it including Thales; and you can build a program

Re: [openssl-users] [openssl-dev] Ubsec and Chil engines

In message <5b8f45ea-5867-4832-916a-6b31a323a...@temme.net> on Sat, 20 Feb 2016 12:40:38 -0800, Sander Temme said: sander> sander> > On Feb 19, 2016, at 3:31 AM, Matt Caswell wrote: sander> sander> OK that made our support lines blow up so yes there is

Re: [openssl-users] [openssl-dev] Ubsec and Chil engines

> On Feb 19, 2016, at 3:31 AM, Matt Caswell wrote: OK that made our support lines blow up so yes there is interest. Disclaimer: I work for Thales but do not speak for Thales. > So it seems that for chil there may possibly be some rare use (but even > the most recent evidence

Re: [openssl-users] [openssl-dev] Ubsec and Chil engines

> In both cases I would like to remove these engines from 1.1.0. I'd like to > hear > from the community if there is any active use of these. One option if there is > found to be some small scale use is to spin out the engine into a separately > managed repo (as has happened recently with the

Re: [openssl-users] [openssl-dev] Ubsec and Chil engines

Hello Matt, If I don't hear from anyone I will remove these. > I can confirm that CHIL engine is actively used with OpenSSL 1.0.* by the owners of nCipher/THALES nShield HSMs. I have notified vendor support about this thread. Regards, Jaroslav -- openssl-users mailing list To unsubscribe: