Re: [PATCH 0/1] Load OpenSSL config if present in sign-file.c

From: David Woodhouse
Date: Fri Feb 03 2017 - 04:07:59 EST

Next message: Greg KH: "Re: [PATCH v2 00/10] serial: st-asc: Allow handling of RTS line"
Previous message: Greg KH: "Re: [RFC PATCH] usb: misc: add USB251xB/xBi Hi-Speed Hub Controller Driver"
In reply to: Antony Vennard: "[PATCH 1/1] Load OpenSSL config if present in sign-file.c"
Next in thread: Antony Vennard: "Re: [PATCH 0/1] Load OpenSSL config if present in sign-file.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2017-02-03 at 02:31 +0100, Antony Vennard wrote:
> sign-file documentation on kernel.org advertises the fact thatÂ
> sign-file can use OpenSSL loadable engine support using pkcs#11 uriÂ
> syntax (rfc 7512) for loading private keys from hardware tokens, ifÂ
> openssl loadable engine support is present.
>
> Unfortunately, if openssl configuration files are not loaded there isÂ
> no way (to my knowledge) for openssl to load third party pkcs#11Â
> libraries as specified by openssl configuration.

ENGINE_pkcs11 should be configured to load p11-kit-proxy.so as its
default provider module.

Any third party PKCS#11 module you want to use should be configured in
p11-kit properly, and it'll then be available to well-behaved
applications. Including sign-file.

You should need any of the special OpenSSL config horridness.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Next message: Greg KH: "Re: [PATCH v2 00/10] serial: st-asc: Allow handling of RTS line"
Previous message: Greg KH: "Re: [RFC PATCH] usb: misc: add USB251xB/xBi Hi-Speed Hub Controller Driver"
In reply to: Antony Vennard: "[PATCH 1/1] Load OpenSSL config if present in sign-file.c"
Next in thread: Antony Vennard: "Re: [PATCH 0/1] Load OpenSSL config if present in sign-file.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]