[sr-dev] git:master:39487831: tls: add support for OpenSSL engine and private keys in HSM

AntonyA ascanio.alba7 at gmail.com
Mon Apr 9 13:58:50 CEST 2018


Module: kamailio
Branch: master
Commit: 394878313770a3b8b57a346a0a323effe8e88a4f
URL: https://github.com/kamailio/kamailio/commit/394878313770a3b8b57a346a0a323effe8e88a4f

Author: AntonyA <ascanio.alba7 at gmail.com>
Committer: AntonyA <ascanio.alba7 at gmail.com>
Date: 2018-04-09T19:17:06+08:00

tls: add support for OpenSSL engine and private keys in HSM

- add support for OpenSSL engine and loading private keys from HSM
- for when kamailio is a TLS edge proxy and needs to use HSM
- currently we initialize the engine in worker processes as PKCS#11
  libraries are not guaranteed to be fork() safe

- new config params
    - engine: name the OpenSSL engine
    - engine_config: an OpenSSL config format file used to bootstrap engines
    - engine_algorithms: list of algorithms to delegate to the engine

- tested with Gemalto SafeNet Luna (AWS CloudHSM) with RSA and EC private keys,
  TLSv1.2 and PFS cipher suites

---

Added: src/modules/tls/doc/hsm_howto.xml
Added: src/modules/tls/tls_map.c
Added: src/modules/tls/tls_map.h
Modified: src/modules/tls/doc/params.xml
Modified: src/modules/tls/doc/tls.xml
Modified: src/modules/tls/tls_domain.c
Modified: src/modules/tls/tls_mod.c
Modified: src/modules/tls/tls_server.c

---

Diff:  https://github.com/kamailio/kamailio/commit/394878313770a3b8b57a346a0a323effe8e88a4f.diff
Patch: https://github.com/kamailio/kamailio/commit/394878313770a3b8b57a346a0a323effe8e88a4f.patch



