Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-61629

Support loading object by OSSL_STORE API

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhel-10.0.beta
    • nginx
    • None
    • No
    • None
    • rhel-sst-cs-stacks
    • ssg_core_services
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None

      What were you trying to do that didn't work?

      Currently, the only way to use PKCS#11 tokens in nginx is to encode PKCS#11 URI into PEM file and let openssl to handle it. Although this works it comes with a price. Encoded URI is not human-readable and if it contains wrong pin it might lock the token eventually. It would be good to have implemented loading object via OSSL_STORE openssl API to be able to specify PKCS#11 URI directly in the nginx configuration.

      What is the impact of this issue to you?

      Without this the usability of PKCS#11 tokens is worse that it was on RHEL-9.

      Please provide the package NVR for which the bug is seen:

      nginx-1.26.1-6.el10

              luhliari@redhat.com Lubos Uhliarik
              omoris Ondrej Moris
              Lubos Uhliarik Lubos Uhliarik
              rhel-cs-infra-services-qe rhel-cs-infra-services-qe rhel-cs-infra-services-qe rhel-cs-infra-services-qe
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: