patch to allow loading PKCS #11 URLs
Maxim Dounin
mdounin at mdounin.ru
Fri Jun 19 14:07:07 UTC 2015
Hello!
On Fri, Jun 19, 2015 at 03:49:48PM +0200, Nikos Mavrogiannopoulos wrote:
>
> Hello,
> The attached patch allows loading PKCS #11 URLs in the
> ssl_certificate_key.
>
> That is, one only needs to specify:
> ssl_certificate_key "pkcs11:model=SoftHSM%20v2serial=f0490bea35;pin
> -value=1234"
>
> to access a key in a HSM. That's the only step required.
> That extends the previous approach which is generic, but tedious, and
> requires modifying openssl config files shared with other apps.
> See [0] for comparison.
Have you tried
ssl_certificate_key "engine:pkcs11:model=SoftHSM%20v2serial=f0490bea35;pin-value=1234";
instead?
I don't see how it's different from the code you propose.
--
Maxim Dounin
http://nginx.org/
More information about the nginx-devel
mailing list