OpenSSL PKCS#11 Engine cannot be reused in child process, worker SSL sessions fail

[Anthony Alba]

Hi developers,

I am using nginx with an OpenSSL engine (Safenet Luna) which is a
wrapper over PKCS#11.

The handles return by ENGINE_load_private_key cannot be used in child
processes, aka, workers due to PKCS#11, thus causing SSL connection
errors.

The private key seems to be loaded in ngx_ssl_certificate(); is there
a way to tell nginx to call this function per child process?


Thanks