Re: Using Apache 2.0 with mod_ssl and custom engine on openssl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Erman;
   You are correct - there are no ways to pass arguments via the
configuration file. You could use environment entries to avoid hard
coding things in your engine, though.

--
Daniel Ruggeri

On 6/11/2013 12:01 PM, coolcuzu wrote:
> Thank you Daniel for your help.
>
> I believe a bad part (or an important feature that does not exist) of
> mod_ssl is the lack of ability to pass any argument or parameter to
> the crypto device that you want to use. Do you know anything about
> passing a parameter (command in openssl engine terminology)?
> Otherwise, I may need to hardcode the parameters into the custom
> openssl engine, which isn't very nice though.
>
> Erman
>
> On 6/11/2013 11:06 AM, Daniel Ruggeri wrote:
>> On 6/10/2013 4:56 PM, coolcuzu wrote:
>>> Hi,
>>>
>>> My question may seem rather complex, but I believe someone can
>>> answer it.
>>>
>>> 1 - I've implemented a custom OpenSsl Engine, which works perfectly
>>> fine in OpenSsl.
>>> 2 - I want to create a sample web site that uses https with Apache.
>>> After my search, I saw that Apache uses mod_ssl to support https.
>>> Mod_ssl is based on openssl.
>>>
>>> That's where my question comes in:
>>>
>>> When mod_ssl uses openssl in the backend, I want it to use my custom
>>> Openssl Engine implementation. Is it possible?
>>>
>>> I hope that i'm clear.
>>>
>>> Thanks,
>>>
>>> Erman
>>>
>> Hi, Erman;
>>     Yes, you can in 2.0. In order to use an engine, though, you must
>> compile httpd with -DSSL_EXPERIMENTAL_ENGINE. This will enable the
>> SSLCryptoDevice directive which will be set to the name of your engine.
>> This compile flag was dropped in 2.2 which made SSLCryptoDevice part of
>> a 'normal' build.
>>
>> -- 
>> Daniel Ruggeri
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux