[openssl-dev] Ubsec and Chil engines
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Fri Feb 19 16:14:04 UTC 2016
+1.
With one exception: engine_pkcs11 has been subsumed (and merged into) libp11.
I've tested it with a few different PIV tokens (RSA and ECC), and it was great.
Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
Original Message
From: Nikos Mavrogiannopoulos
Sent: Friday, February 19, 2016 09:53
To: openssl-dev at openssl.org
Reply To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] Ubsec and Chil engines
On Fri, 2016-02-19 at 13:12 +0000, Matt Caswell wrote:
> As far as I know there are some customers using the Chil engine
> > with
> > RHEL (openssl-1.0.1).
>
> How do you feel about the engine being spun out into a separate repo?
> That of course assumes that a volunteer can be found to maintain it
> (I
> don't believe anyone on the dev team wishes to do so).
>
> If no such volunteer can be found how big a deal is it to remove it
> from
> 1.1.0 without a replacement? Obviously it won't be taken out of
> 1.0.1/1.0.2. Of course there's no reason, even if we take it out now,
> that if someone needs it badly enough in the future that they
> couldn't forward port the 1.0.2 version to 1.1.0 and maintain it
> themselves at that point.
It may even be better, instead of pushing for different engines for
different hardware, to make PKCS#11 the only API used to talk to
hardware. There is a quite functional (and active as project) pkcs11
engine for openssl [0].
regards,
Nikos
[0]. https://github.com/OpenSC/engine_pkcs11
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4350 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160219/e88ae851/attachment.bin>
More information about the openssl-dev
mailing list