-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
rhel-10.0.beta
-
None
-
No
-
None
-
rhel-sst-cs-stacks
-
ssg_core_services
-
None
-
False
-
-
None
-
None
-
None
-
None
-
None
What were you trying to do that didn't work?
Currently, the only way to use PKCS#11 tokens in nginx is to encode PKCS#11 URI into PEM file and let openssl to handle it. Although this works it comes with a price. Encoded URI is not human-readable and if it contains wrong pin it might lock the token eventually. It would be good to have implemented loading object via OSSL_STORE openssl API to be able to specify PKCS#11 URI directly in the nginx configuration.
What is the impact of this issue to you?
Without this the usability of PKCS#11 tokens is worse that it was on RHEL-9.
Please provide the package NVR for which the bug is seen:
nginx-1.26.1-6.el10
- links to