Re: [sr-dev] [kamailio/kamailio] tls: add support for OpenSSL engine and private keys in HSM (#1484)

Thanks for the comments, I summarize actionable items at the bottom as the conversation develops. I can push further commits, and do the final squash when it can be accepted. 1. Preprocessor defines `OPENSSL_NO_ENGINE` - followed nginx and HAProxy where they use this to omit compile-time code that uses OpenSSL `ENGINE_xxxx` functions. Frankly I doubt any modern OpenSSL actually defines this. Same purpose as `OPENSSL_NO_ECDH` in existing `tls.c`. At runtime it might be difficult as the symbol won't be in the users `libcrypto.so`. If we include these symbols, then the users `libcrypto.so` is required to have engine support (even if they don't use it) Currently the runtime use is controlled by the proposed modparam `engine`, but ENGINE symbols are still UND in `tls.so`. 1. whitespace - added to TODO list below: it was a code editor setting, my bad 1. documentation - added to TODO list Sample nginx code (because of `ENGINE_*` symbols). HAProxy has similar constructs: ``` #ifndef OPENSSL_NO_ENGINE u_char *p, *last; ENGINE *engine; EVP_PKEY *pkey; p = key->data + sizeof("engine:") - 1; last = (u_char *) ngx_strchr(p, ':'); if (last == NULL) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid syntax in \"%V\"", key); return NGX_ERROR; } *last = '\0'; engine = ENGINE_by_id((char *) p); ``` TODO list: * revert code editor gratuitous whitespace changes * documentation updates for new configuration directives -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/1484#issuecomment-374443429