patch to allow loading PKCS #11 URLs
Nikos Mavrogiannopoulos
nmav at redhat.com
Fri Jun 19 14:39:48 UTC 2015
On Fri, 2015-06-19 at 17:07 +0300, Maxim Dounin wrote:
>
> Have you tried
> ssl_certificate_key
> "engine:pkcs11:model=SoftHSM%20v2serial=f0490bea35;pin-value=1234";
> instead?
> I don't see how it's different from the code you propose.
Hi,
Yes, I've tried it. It would be specified as:
"engine:pkcs11:pkcs11:model=SoftHSM%20v2serial=f0490bea35;pin
-value=1234";
But doesn't work, because it doesn't initialize the pkcs11 engine.
Furthermore, the "engine:pkcs11:pkcs11:" approach defeats the purpose
of PKCS #11 URLs which is to use the same string to identify the same
keys on all applications.
regards,
Nikos
More information about the nginx-devel
mailing list