OpenSSL PKCS#11 Engine cannot be reused in child process, worker SSL sessions fail
Nikos Mavrogiannopoulos
nmav at redhat.com
Fri Oct 16 08:50:34 UTC 2015
On Sun, 2015-07-26 at 00:20 +0800, Anthony Alba wrote:
> Hi developers,
>
> I am using nginx with an OpenSSL engine (Safenet Luna) which is a
> wrapper over PKCS#11.
>
> The handles returned by ENGINE_load_private_key cannot be used in child
> processes, aka, workers due to PKCS#11, thus causing SSL connection
> errors.
> The private key seems to be loaded in ngx_ssl_certificate(); is there
> a way to tell nginx to call this function per child process?
nginx should work transparently with the newest libp11 (0.3.0) and
engine_pkcs11 (0.2.0). Let me know, if not.
regards,
Nikos
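
The failure described in this thread, as an added C example that is not from the original messages, nginx, or libp11: a constructed stand-in token rejects handles created in another process, and a wrapper detects the fork by comparing pids and reloads the key. `key_ref`, `key_load`, `token_sign`, `safe_sign` and `sign_in_worker` are hypothetical names, and no real PKCS#11 or engine calls are made.

```c
/* Constructed model: a "token" whose handles are valid only in the process
 * that opened them, as PKCS#11 requires after fork(). No real PKCS#11 calls. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

typedef struct { pid_t owner; int handle; } key_ref;   /* hypothetical type */

/* Stand-in for loading the key through the engine in this process. */
static void key_load(key_ref *k) { k->owner = getpid(); k->handle = 42; }

/* Stand-in for the token: rejects handles created by another process. */
static int token_sign(const key_ref *k) {
    return (k->owner == getpid()) ? 0 : -1;
}

/* Fork-aware wrapper: reload the handle if the pid changed since load. */
static int safe_sign(key_ref *k) {
    if (k->owner != getpid())
        key_load(k);            /* re-initialise in the child */
    return token_sign(k);
}

/* Load in the parent, fork a worker, and return the worker's result:
 * 0 if signing succeeded in the child, 1 if it failed, -1 on fork error. */
static int sign_in_worker(int fork_aware) {
    key_ref k;
    int status;
    pid_t pid;

    key_load(&k);               /* like loading the key before workers start */
    pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int rc = fork_aware ? safe_sign(&k) : token_sign(&k);
        _exit(rc == 0 ? 0 : 1); /* _exit: do not flush the parent's stdio */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    printf("stale handle in worker: %s\n", sign_in_worker(0) ? "fails" : "ok");
    printf("fork-aware wrapper:     %s\n", sign_in_worker(1) ? "fails" : "ok");
    return 0;
}
```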