add support for mbedtls #26
Comments
@cobradevil For mbedtls support, are you talking about the client library TLS support only (doable as we support OpenSSL/GnuTLS) or also the server aspect of Caml Crush, where we use ocaml-ssl/Ocamlnet for this, in which case: support for mbedtls should be a request to those projects. Also note that, depending on the OCamlnet version, the underlying TLS library is exclusive and changes (OpenSSL for 3.x and GnuTLS for 4.x).
@cobradevil also we'd be grateful if you can post an updated nginx configuration sample to update the wiki, given you have a working setup.
@calderonth create the file: /etc/systemd/system/nginx.service.d/override.conf with the following content: then run: systemctl daemon-reload then create the file: /etc/nginx/openssl.conf with the following contents: now create the nginx vhost with the following ssl settings:
It would be nicer for the server component but then the upstream projects would need to implement it so that is a bigger issue. Best regards,
Issue accepted as a feature request.
Hi again @cobradevil, we welcome contributions for this open source project.
Hi @calderonth,
Hello caml-crush developers,
This is a feature request to have support for mbedtls (formerly known as polarssl).
We are already using openvpn with polarssl because this is easier to analyse than openssl.
We are looking into caml-crush for using it as a HSM. We already have a test setup with nginx as a reverse proxy with caml-crush as the HSM-like solution. Also the wiki seems outdated when it comes to using nginx with caml-crush because the limitation of running nginx with master_process and daemon off is already fixed in recent versions of libp11.
Based on closed issue https://github.com/ANSSI-FR/caml-crush/issues/15 and OpenSC/libp11#39
Best regards,
William