[mod_gnutls-devel] Patches

Thomas Klute thomas2.klute at uni-dortmund.de
Wed Feb 18 14:13:08 CET 2015


Hi,

PKCS #11/TPM support definitely looks interesting! The patch doesn't
apply cleanly to current master, though, so I've pulled it from Nikos'
repository [1] and pushed to a separate branch [2].

Since it's a large patch it'll probably be a while until I can get a
good look at it. If anyone wants to start removing the merge conflicts
with master: post patches or pull requests! ;-)

Regards,
Thomas

[1] https://github.com/nmav/mod_gnutls
[2] https://github.com/airtower-luna/mod_gnutls/tree/from-nmav

Am 16.02.2015 um 14:40 schrieb Thomas Calderon:
> Hi,
> 
> 
> Nikos sent the patch below a couple months ago.
> It is a great addition to mod_gnutls and could be aggregated with other
> mod_gnutls patches.
> 
> 
> Hello,
>  The attached patch adds PKCS #11/TPM support to mod_gnutls. The
> objects (keys and certificates), can be specified as PKCS #11 URLs
> [0], and you can see those URLs using gnutls' p11tool. Most probably
> some better documentation of these URLs is needed.
> This requires gnutls 3.1.3 or later, and as a side-effect this patch
> allows encrypted keys to be loaded by mod_gnutls (PKCS #8/#12 and
> openssl format).
> regards,
> Nikos
> [0]. http://www.gnutls
> .org/manual/html_node/Reading-objects.html#Reading-objects
> 
> 
> Cheers,
> 
> Thomas Calderon
> 
> 
> On Sun, Feb 15, 2015 at 4:30 PM, Thomas Klute <thomas2.klute at uni-dortmund.de
>> wrote:
> 
>> Hi all,
>>
>> I've added a wiki page to my mod_gnutls repository on Github. That's no
>> replacement for upstream merges, but it should hopefully make it easier
>> for anyone who might be interested to get my patches. Please see:
>>
>> https://github.com/airtower-luna/mod_gnutls/wiki
>>
>> I might create a branch aggregating all my work later, but I kind of
>> want to complete the proxy TLS support first. And while I can't merge
>> into the upstream repository, I'd be happy to collect useful patches. ;-)
>>
>> Best regards,
>> Thomas
>>
>> Am 07.02.2015 um 21:33 schrieb Ramkumar Chinchani:
>>> Hi Daniel,
>>>
>>> IMO, there are some good patches being contributed on the mailing list.
>>> While I understand that the project needs to be conservative in what gets
>>> accepted so as to not break things, I fear some good work is getting
>> lost.
>>>
>>> Perhaps, these can go into an "experimental" branch/tag so that they are
>>> available at a central place.
>>>
>>> Thoughts/comments/guidelines?
>>>
>>>
>>>
>>> _______________________________________________
>>> mod_gnutls-devel mailing list
>>> mod_gnutls-devel at lists.gnutls.org
>>> http://lists.gnupg.org/mailman/listinfo/mod_gnutls-devel
>>>
>>
>> _______________________________________________
>> mod_gnutls-devel mailing list
>> mod_gnutls-devel at lists.gnutls.org
>> http://lists.gnupg.org/mailman/listinfo/mod_gnutls-devel
>>
> 



More information about the mod_gnutls-devel mailing list