openssl icon indicating copy to clipboard operation
openssl copied to clipboard
verified publisher icon ruby

Provider.add_conf_parameter

Open grawity opened this issue 9 months ago • 1 comments

Originally I thought that providers could only be configured through openssl.cnf or environment variables, unlike engines which had engine.ctrl_cmd("MODULE_PATH", path) to achieve that.

But last week I noticed that libp11 (the same one where engine-pkcs11 comes from) implemented another PKCS#11 provider, their documentation now says that OSSL_PROVIDER_load() can be used to load a provider as needed and then OSSL_PROVIDER_add_conf_parameter() can be used to configure it.

ruby-openssl already has OSSL_PROVIDER_load(); would it be possible to also add an OpenSSL::Provider#add_conf_parameter() method that performs OSSL_PROVIDER_add_conf_parameter()?

grawity avatar Mar 28 '25 18:03 grawity

OSSL_PROVIDER_add_conf_parameter() seems useful.

Currently it appears to be in OpenSSL's master branch only, but I guess it will be in OpenSSL 3.5.

rhenium avatar Mar 30 '25 13:03 rhenium