httpd-dev mailing list archives

From Kaspar Brand <httpd-dev.2...@velox.ch>
Subject Re: mod_ssl and pkcs11
Date Thu, 28 Nov 2013 05:41:10 GMT

On 27.11.2013 15:33, Dr Stephen Henson wrote:
> On 27/11/2013 12:26, Nick Gearls wrote:
>> Maybe it's time to remove all redundant code in mod_ssl and use all features of
>> OpenSSL; PKCS#11 will then be automatically supported and the maintenance of
>> mod_ssl will be simplified a lot.
>>
> 
> PKCS#11 support isn't native in OpenSSL though some third party ENGINEs do
> include partial support.
> 
> Completely transparent support is tricky (and in some cases impossible) due
> to several factors including the way PKCS#11 handles fork().

Right, that's also the major topic which
https://issues.apache.org/bugzilla/show_bug.cgi?id=42688 is elaborating on.

According to https://wiki.oasis-open.org/pkcs11/ShortTermItems, some
fixes for https://wiki.oasis-open.org/pkcs11/MultipleCallersPerProcess
might make it into PKCS#11 v2.40.

Engine PKCS#11 (https://github.com/OpenSC/engine_pkcs11) hasn't seen
much activity since 2010, are you aware of alternatives?

Kaspar
