This should be a relatively trivial change to
ssl_pphrase_Handle()... if szCryptoDevice is non-NULL, pass the
private key path as the key_id to ENGINE_load_private_key. If that
fails, fall back to the normal PEM loading code...

Kent

> I've been looking into enabling apache+mod_ssl to use hardware keys
> encrypted by a TPM. I have openssl's s_server test working using an
> openssl TPM engine [1] and trousers [2]. It looks like the key to
> getting this working in apache is support for engine format keys in
> mod_ssl. Is there any interest in enabling engine format keys in
> mod_ssl, or, is there another path to accomplish what I'm trying to
> do?
>
> Thanks,
> Kent
>
> [1] http://cvs.sourceforge.net/viewcvs.p...ons/openssl_t=

pm_engine/
> [2] http://trousers.sf.net
>



--
Kent Yoder
IBM LTC Security Dev.
__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org