"Did you identify why the fork was causing an issue? We should probably
try to understand this before, it could be something stupid in haproxy's
code or in the pkcs11 provider."
- PKCS#11 drivers contain session objects and handles to private keys in
the HSM; these session objects and handles don'
On Thu, Mar 28, 2024 at 08:26:58AM +0800, Richard Chan wrote:
> Hello,
>
> This is an RFC to recreate private keys in the worker process
> for PKCS#11, so that HSM keys can be used in -W mode.
>
> - ssl_ckch.c: add map of ckch_data to PEM data
> - ssl_sock.c: add map of SSL_CTX* to ckch_data
> -
Fix typo in patch formatting.
Richard
diff --git a/include/haproxy/ssl_ckch.h b/include/haproxy/ssl_ckch.h
index 94c53b301..00ba2bf18 100644
--- a/include/haproxy/ssl_ckch.h
+++ b/include/haproxy/ssl_ckch.h
@@ -72,5 +72,14 @@ int __ssl_store_load_locations_file(char *path, int create_if_none, enum
Apologies for the badly pasted diff
Richard
diff --git a/include/haproxy/ssl_ckch.h b/include/haproxy/ssl_ckch.h
index 94c53b301..00ba2bf18 100644
--- a/include/haproxy/ssl_ckch.h
+++ b/include/haproxy/ssl_ckch.h
@@ -72,5 +72,14 @@ int __ssl_store_load_locations_file(char *path, int create_if_none
diff --git a/include/haproxy/ssl_ckch.h b/include/haproxy/ssl_ckch.h
index 94c53b301..00ba2bf18 100644
--- a/include/haproxy/ssl_ckch.h
+++ b/include/haproxy/ssl_ckch.h
@@ -72,5 +72,14 @@ int __ssl_store_load_locations_file(char *path, int
create_if_none, enum cafile_
extern struct cert_exts cert_
Hello,
This is an RFC to recreate private keys in the worker process
for PKCS#11, so that HSM keys can be used in -W mode.
- ssl_ckch.c: add map of ckch_data to PEM data
- ssl_sock.c: add map of SSL_CTX* to ckch_data
- maps are implemented using buckets of linked lists
it is explicit and in the
6 matches
Mail list logo
