OpenSSL PKCS#11 Engine cannot be reused in child process, worker SSL sessions fail
nmav at redhat.com
Fri Jul 31 14:37:00 UTC 2015
On Sun, 2015-07-26 at 00:20 +0800, Anthony Alba wrote:
> Hi developers,
> I am using nginx with an OpenSSL engine (Safenet Luna) which is a
> wrapper over PKCS#11.
> The handles returned by ENGINE_load_private_key cannot be used in child
> processes, aka, workers due to PKCS#11, thus causing SSL connection
Unfortunately nginx doesn't have direct support for PKCS #11 and relies
on the very primitive engine_pkcs11 which doesn't work (yet) with
applications that fork. To make that work you need to get
engine_pkcs11, and libp11 from their git repositories, and
apply  on top.
I have a tracker for these issues at: