On Thu, May 08, 2025 at 03:50:20PM +0100, Christopher Staite wrote:
> Subject: Re: [PATCH] FEATURE: pkcs11: add support for PKCS#11
> Hi William,
>
> Finally found some time to "finish" this off. There is now a varnish test
> for AWS-LC with both RSA and ECDSA. I’ve tested it out with Google KMS
> module
> (https://github.com/GoogleCloudPlatform/kms-integrations/releases?q=pkcs%2311&expanded=true)
> on GCP and it appears to function as expected.
>
> Sorry it’s 3000 lines of new code, but I broke it down into modules which
> should hopefully make it more readable. Pretty much all of the code is gated
> behind a new non-default feature (PKCS11), so shouldn’t be too much of a risk.
>
> Future improvements:
> - Support for OpenSSL Engine (3+) and OpenSSL Providers (1.x) to avoid
>   having to use an external PKCS#11 solution
> - Include testing for Ed25519
> - Maybe improve error messages in failure cases
> - More examples (although, maybe this is better suited to the Wiki)
> - I’m not sure if the code works with Windows and/or macOS, although the
>   full GitHub test suite passes
>
> Thanks, Chris.
>

Thank you for getting us updated, I'm still busy with the 3.2 release and the
preparation of the conference for now. We will take a look at this after the
3.2 release. Sorry for leaving this aside for now.

Regards,

--
William Lallemand