OpenSSL PKCS#11 Engine cannot be reused in child process, worker SSL sessions fail

Nikos Mavrogiannopoulos nmav at
Fri Oct 16 08:50:34 UTC 2015

On Sun, 2015-07-26 at 00:20 +0800, Anthony Alba wrote:
> Hi developers,
> I am using nginx with an OpenSSL engine (Safenet Luna) which is a
> wrapper over PKCS#11.
> The handles return by ENGINE_load_private_key cannot be used in child
> processes, aka, workers due to PKCS#11, thus causing SSL connection
> errors.
> The private key seems to be loaded in ngx_ssl_certificate(); is there
> a way to tell nginx to call this function per child process?

nginx should work transparently with the newest libp11 (0.3.0) and
engine_pkcs11 (0.2.0). Let me know, if not.


More information about the nginx-devel mailing list