[PATCH 0 of 1] allow to use engine keyform for server private key

Maxim Dounin mdounin at mdounin.ru
Tue Mar 25 18:43:16 UTC 2014


On Tue, Mar 25, 2014 at 11:24:37AM -0700, Piotr Sikora wrote:

> Hello,
> > While this functionality looks interesting, the patch certainly
> > needs more work before it will be possible to commit it.  In
> > particular, the patch will break compilation with mail module, not
> > even talking about style issues.
> >
> > I also can't say I like the way how it's expected to be
> > configured.  There should be a better way to do this, probably
> > some parameter of the ssl_certificate_key directive ("format="? or
> > rather "engine="?) and/or some specific path prefix to load a key
> > from an engine.
> On top of what Maxim already wrote, I'd like to see the counterpart
> for the ssl_certificate directive.

I too think it would be good, but I'm not sure it's at all 
possible.  OpenSSL interface seems to allow to load public key 
from an engine, but not a certificate.  I may be wrong though.

Maxim Dounin

More information about the nginx-devel mailing list