patch to allow loading PKCS #11 URLs
nmav at redhat.com
Fri Jun 19 13:49:48 UTC 2015
The attached patch allows loading PKCS #11 URLs in the
That is, one only needs to specify:
to access a key in a HSM. That's the only step required.
That extends the previous approach which is generic, but tedious, and
requires modifying openssl config files shared with other apps.
See  for comparison.
This works with the latest engine_pkcs11, and p11-kit (which takes care
of module registration).
Note that PKCS #11 URLs, described in RFC7512, are becoming the way to
specify keys stored in PKCS #11 modules. engine_pkcs11 supports them
already, as well as gnutls natively. See also fedora's stance on them
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2174 bytes
Desc: not available
More information about the nginx-devel