Re: -keyform ENG and NodeJS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Jun 02, 2019 at 05:49:10PM -0700, Erik Madsen wrote:

> I am using a Hardware Security Module.  Both s_client and cURL work fine 
> due to we can use the CLI "-keyform ENG" for s_client and "--key-type 
> ENG" for curl
> 
> Is it possible to specify this in the openssl.cnf file instead of the CLI?

You could be a bit more explicit about whether this a TLS or some
other application.  Configuration is "module"-specific.

> For testing this, the following works:
> 
> openssl s_client -connect host:port -engine engineSO -keyform ENG -cert 
> /path/to/signed/cert
> 
> 
> If we can do like this:
> 
> OPENSSL_CONF=openssl.cnf openssl s_client -connect host:port -engine 
> engineSO -cert /path/to/signed/cert (removed the -keyform)
> 
> I think will work fine

I don't believe that the SSL "conf module" presently supports a
"command" that allows you specify the "keyform" of a private key
file.  It has a "PrivateKey" "command", but this appears to be
unconditionally limited to PEM.

If anyone else knows otherwise, corrections welcome

-- 
	Viktor.



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux