[openssl-dev] Ubsec and Chil engines
Nikos Mavrogiannopoulos
nmav at redhat.com
Fri Feb 19 14:53:39 UTC 2016
On Fri, 2016-02-19 at 13:12 +0000, Matt Caswell wrote:
> As far as I know there are some customers using the Chil engine
> > with
> > RHEL (openssl-1.0.1).
>
> How do you feel about the engine being spun out into a separate repo?
> That of course assumes that a volunteer can be found to maintain it
> (I
> don't believe anyone on the dev team wishes to do so).
>
> If no such volunteer can be found how big a deal is it to remove it
> from
> 1.1.0 without a replacement? Obviously it won't be taken out of
> 1.0.1/1.0.2. Of course there's no reason, even if we take it out now,
> that if someone needs it badly enough in the future that they
> couldn't forward port the 1.0.2 version to 1.1.0 and maintain it
> themselves at that point.
It may even be better, instead of pushing for different engines for
different hardware, to make PKCS#11 the only API used to talk to
hardware. There is a quite functional (and active as project) pkcs11
engine for openssl [0].
regards,
Nikos
[0]. https://github.com/OpenSC/engine_pkcs11
More information about the openssl-dev
mailing list