All,

I toyed over the weekend with resurrecting CHIL: intermediate result here

https://github.com/sctemme/openssl/tree/rescue-chil

and I AM NOT PROUD OF THIS but have no cycles to clean it up for at least a couple of days to come. It builds now but doesn't work: my privkey loading routine doesn't get called and that may be an API change I missed.

Can we resurrect CHIL for 1.1 along these lines? Then I'd be delighted to join the discussion about p11 for down the road.

S.

Sent from my iPhone

> On Feb 22, 2016, at 10:00 AM, Richard Levitte <levitte at openssl.org> wrote:
>
> In message <347004c001fd430aadadceac908e68a2 at ustx2ex-dag1mb1.msg.corp.akamai.com> on Mon, 22 Feb 2016 14:46:28 +0000, "Salz, Rich" <rsalz at akamai.com> said:
>
> rsalz> > If we integrate the support natively into OpenSSL, then PKCS#11 URIs (see
> rsalz> > RFC7512) can be first-class citizens throughout the crypto and SSL APIs. Any
> rsalz> > function which takes a filename for a cert or key should also accept a
> rsalz> > PKCS#11 URI.
> rsalz>
> rsalz> It'd be great to see a crypto/pkcs11 directory with full native support (as much as possible).
> rsalz>
> rsalz> But really doubtful to happen in 1.1 as the API freeze is in a month.
>
> Yeah, 1.1 is unrealistic, I'm sorry to say.
>
> --
> Richard Levitte levitte at openssl.org
> OpenSSL Project http://www.openssl.org/~levitte/