[PATCH 0 of 1] allow to use engine keyform for server private key

Piotr Sikora piotr at cloudflare.com
Tue Mar 25 18:24:37 UTC 2014


> While this functionality looks interesting, the patch certainly
> needs more work before it will be possible to commit it.  In
> particular, the patch will break compilation with mail module, not
> even talking about style issues.
> I also can't say I like the way how it's expected to be
> configured.  There should be a better way to do this, probably
> some parameter of the ssl_certificate_key directive ("format="? or
> rather "engine="?) and/or some specific path prefix to load a key
> from an engine.

On top of what Maxim already wrote, I'd like to see the counterpart
for the ssl_certificate directive.

Also, I prefer the "engine=" parameter.

Best regards,
Piotr Sikora

More information about the nginx-devel mailing list