[Dovecot] Solaris hardware crypto engines
Timo Sirainen
tss at iki.fi
Thu Nov 24 01:55:08 EET 2011
On Mon, 2011-11-21 at 23:49 +0100, Martin Preen wrote:
> # /usr/sfw/bin/openssl engine
> (pkcs11) PKCS #11 engine support
>
> >> ENGINE_set_default_RSA(e); ENGINE_set_default_DSA(e);
> >> ENGINE_set_default_ciphers(e);
> >>
> >> in ssl_proxy_init() and inserting ENGINE_cleanup(); in ssl_proxy_deinit()
> >> the crypto device gets used. I'm sure that this is not the whole story since
> >> this only seems to affect the IMAP login.
> >
> > It should work for POP3 as well, all of the SSL code is shared.
>
> I couldn't find the EncryptUpdate call which has to be changed too
> (due to the howto documents). Maybe some other call needs e patch.
> But I don't know which.
What EncryptUpdate?.. I've anyway added the engine init/deinit calls in
your email to v2.1 hg. Lets hope it works :) At least it didn't break
when I tried it with "dynamic" value (which is the only engine my
OpenSSL supports).
More information about the dovecot
mailing list