httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Serge Hallyn <>
Subject [PATCH] SSLCryptoDevCtl support
Date Thu, 19 Feb 2004 15:41:55 GMT

This patch obsoletes that which I sent on Feb 17.  It is simply a port
of Geoff Thorpe's patch, submitted on July 12, 2001, to apache 2.0.48. 
According to list archives, there was never a response to this patch.

Using this patch,

  1. users of openssl versions prior to 0.9.8 (which has not yet been
released) can utilize dynamic engines.  This means that vendors can
provide dynamic crypto engines to customers without requiring
recompilation of openssl and apache.  For instance, our sample ssl.conf
contained the lines:

SSLCryptoDevice dynamic
SSLCryptoDeviceCtrl SO_PATH:/usr/local/lib/
SSLCryptoDeviceCtrl ID:ibmca
SSLCryptoDeviceCtrl LIST_ADD:1
SSLCryptoDeviceCtrl LOAD

  2. These directives can be used to send engine-specific commands to an
openssl engine.  This remains useful after openssl 0.9.8 becomes

Comments are much appreciated.

Serge Hallyn
Security Software Engineer, IBM Linux Technology Center

View raw message