[PATCH 0 of 1] allow to use engine keyform for server private key

Piotr Sikora piotr at cloudflare.com
Tue Mar 25 20:11:40 UTC 2014


Hey Maxim,

> I too think it would be good, but I'm not sure it's at all
> possible.  OpenSSL interface seems to allow to load public key
> from an engine, but not a certificate.  I may be wrong though.

We could use the engine's STORE_METHOD, as it gives us access to
STORE_get_certificate(), STORE_get_private_key(), STORE_get_crl() and
STORE_get_arbitrary(), and use the old ENGINE_load_private_key() as the
fallback in case the engine doesn't provide a STORE_METHOD.

Best regards,
Piotr Sikora


