Return-Path: X-Original-To: apmail-httpd-users-archive@www.apache.org Delivered-To: apmail-httpd-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E3EE0CDCA for ; Tue, 11 Jun 2013 17:01:35 +0000 (UTC) Received: (qmail 31777 invoked by uid 500); 11 Jun 2013 17:01:32 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 31754 invoked by uid 500); 11 Jun 2013 17:01:32 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 31746 invoked by uid 99); 11 Jun 2013 17:01:32 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 11 Jun 2013 17:01:32 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of coolcuzu@gmail.com designates 209.85.219.47 as permitted sender) Received: from [209.85.219.47] (HELO mail-oa0-f47.google.com) (209.85.219.47) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 11 Jun 2013 17:01:26 +0000 Received: by mail-oa0-f47.google.com with SMTP id m1so5755725oag.6 for ; Tue, 11 Jun 2013 10:01:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=jqlEf+7bfdvizqVCtG5cgYJ0VTqJ4zm3Vu9baTPH94M=; b=Acme+aovmjY3A1cBl2+bQog+CGQ5BxI7x50b1DOoEI4FJfNuUydnxMlaPXtnZmy4PR Hl5RoqpPCWNq56B8fVrj0gKEjZYMtckOE/GNbv1bIPExE/+a4NyyicQFvI3VEH6tO/Sh f8irPe8Z1U6qFdHhWEEZUugg3dvU/xSdD+sgUK3cgNFP3EX8xA+0LjONpch8HumFUTTl FPL6VK7wEaQ/4ftA1D+IHwmD1PSh+GL0rQot1D5Qh4vsRk7PR8m3DRIFbkrh1YgdKqag ZRgFY59h3CvidY9rtGbAH4hj3/XzTVIgeKJwQ9BkJxSUYxjpVjPPyspzDvKSJO/s2Ged g2Ng== X-Received: by 10.182.237.50 with SMTP id uz18mr12697512obc.51.1370970065641; Tue, 11 Jun 2013 10:01:05 -0700 (PDT) Received: from [10.176.147.246] (utdpat242008.utdallas.edu. [129.110.242.8]) by mx.google.com with ESMTPSA id rs4sm21571854obc.10.2013.06.11.10.01.04 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 11 Jun 2013 10:01:05 -0700 (PDT) Message-ID: <51B757D0.3090604@gmail.com> Date: Tue, 11 Jun 2013 12:01:04 -0500 From: coolcuzu User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130509 Thunderbird/17.0.6 MIME-Version: 1.0 To: users@httpd.apache.org References: <51B64B9F.50403@gmail.com> <51B74AF5.6000402@primary.net> In-Reply-To: <51B74AF5.6000402@primary.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] Using Apache 2.0 with mod_ssl and custom engine on openssl Thank you Daniel for your help. I believe a bad part (or an important feature that does not exist) of mod_ssl is the lack of ability to pass any argument or parameter to the crypto device that you want to use. Do you know anything about passing a parameter (command in openssl engine terminology)? Otherwise, I may need to hardcode the parameters into the custom openssl engine, which isn't very nice though. Erman On 6/11/2013 11:06 AM, Daniel Ruggeri wrote: > On 6/10/2013 4:56 PM, coolcuzu wrote: >> Hi, >> >> My question may seem rather complex, but I believe someone can answer it. >> >> 1 - I've implemented a custom OpenSsl Engine, which works perfectly >> fine in OpenSsl. >> 2 - I want to create a sample web site that uses https with Apache. >> After my search, I saw that Apache uses mod_ssl to support https. >> Mod_ssl is based on openssl. >> >> That's where my question comes in: >> >> When mod_ssl uses openssl in the backend, I want it to use my custom >> Openssl Engine implementation. Is it possible? >> >> I hope that i'm clear. >> >> Thanks, >> >> Erman >> > Hi, Erman; > Yes, you can in 2.0. In order to use an engine, though, you must > compile httpd with -DSSL_EXPERIMENTAL_ENGINE. This will enable the > SSLCryptoDevice directive which will be set to the name of your engine. > This compile flag was dropped in 2.2 which made SSLCryptoDevice part of > a 'normal' build. > > -- > Daniel Ruggeri > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org > For additional commands, e-mail: users-help@httpd.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org