enhanced pkcs11 patch [was: patch to allow loading PKCS #11 URLs]

Nikos Mavrogiannopoulos nmav at redhat.com
Wed Jul 15 06:21:25 UTC 2015

On Fri, 2015-06-19 at 15:49 +0200, Nikos Mavrogiannopoulos wrote:
> Hello,
>  The attached patch allows loading PKCS #11 URLs in the
> ssl_certificate_key.

The attached patch set enhances that support by allowing PKCS #11 URLs
in the certificate field as well. As it is now nginx can work with
arbitrary hardware security modules using libp11 and engine_pkcs11 from
their git repositories.

That allows both certificate and key directives to be used with PKCS
#11 objects as:
ssl_certificate "pkcs11:model=..."
ssl_certificate_key "pkcs11:model="

(that simplifies loading of certificates which are stored inside the

-------------- next part --------------
A non-text attachment was scrubbed...
Name: pkcs11.patch
Type: text/x-patch
Size: 8808 bytes
Desc: not available
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20150715/ccc16928/attachment.bin>

More information about the nginx-devel mailing list