Issue with current PKCS#11 support

Thomas Calderon calderon.thomas at gmail.com
Fri Apr 10 10:00:42 UTC 2015


Hi,

I just tried nginx PKCS#11 support that was introduced in 1.7.9.

In a Debug/Test environment I have a working setup. Namely, using "daemon
off" and the instructions provided on the mailing list, I manage to
establish a TLS connection using my token.

However, when using "daemon on", a client connection spawns the
worker_process, the PKCS#11 library gets reloaded. However, the PKCS#11
context is lost, hence the TLS connection cannot be established (further
functions fail since the library is not initialized, object handles are not
valid anymore, etc).

Given the stack used to leverage PKCS#11 support
(OpenSSL->engine_pkcs11->...), I am not sure how to fix this.

Did you observe the same behavior?

Cheers,

Thomas Calderon


More information about the nginx-devel mailing list