enhanced pkcs11 patch [was: patch to allow loading PKCS #11 URLs]
Nikos Mavrogiannopoulos
nmav at redhat.com
Wed Jul 15 06:21:25 UTC 2015
On Fri, 2015-06-19 at 15:49 +0200, Nikos Mavrogiannopoulos wrote:
> Hello,
> The attached patch allows loading PKCS #11 URLs in the
> ssl_certificate_key.
The attached patch set enhances that support by allowing PKCS #11 URLs
in the certificate field as well. As it is now nginx can work with
arbitrary hardware security modules using libp11 and engine_pkcs11 from
their git repositories.
That allows both certificate and key directives to be used with PKCS
#11 objects as:
ssl_certificate "pkcs11:model=..."
ssl_certificate_key "pkcs11:model="
(that simplifies loading of certificates which are stored inside the
module).
regards,
Nikos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pkcs11.patch
Type: text/x-patch
Size: 8808 bytes
Desc: not available
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20150715/ccc16928/attachment.bin>
More information about the nginx-devel
mailing list