[PATCH 0 of 1] allow to use engine keyform for server private key
mdounin at mdounin.ru
Tue Mar 25 18:43:16 UTC 2014
On Tue, Mar 25, 2014 at 11:24:37AM -0700, Piotr Sikora wrote:
> > While this functionality looks interesting, the patch certainly
> > needs more work before it will be possible to commit it. In
> > particular, the patch will break compilation with mail module, not
> > even talking about style issues.
> > I also can't say I like the way how it's expected to be
> > configured. There should be a better way to do this, probably
> > some parameter of the ssl_certificate_key directive ("format="? or
> > rather "engine="?) and/or some specific path prefix to load a key
> > from an engine.
> On top of what Maxim already wrote, I'd like to see the counterpart
> for the ssl_certificate directive.
I too think it would be good, but I'm not sure it's at all
possible. OpenSSL interface seems to allow to load public key
from an engine, but not a certificate. I may be wrong though.
More information about the nginx-devel