signing.bbclass: add support for OpenSSL PKCS#11 provider - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Fabian Pflug <f.pflug@pengutronix.de>	2026-03-04 16:31:42 +0100
committer	Khem Raj <raj.khem@gmail.com>	2026-03-04 22:26:02 -0800
commit	f75a2ab194ee2ea0dd7572669fa3b052f2da36f9 (patch)
tree	2832451a4dab4b052611895abfa26f85427fbc3b /meta-python/recipes-devtools/python/python-rfc3986-validator
parent	40a1825c95333fbf114c41966d68339e12cf208a (diff)
download	meta-openembedded-f75a2ab194ee2ea0dd7572669fa3b052f2da36f9.tar.gz

signing.bbclass: add support for OpenSSL PKCS#11 provider

OpenSSL 4.0 will drop support for engines and use providers instead. To access SoftHSM and other PKCS#11 modules via the provider API, we rely on https://github.com/latchset/pkcs11-provider, which is already available as via pkcs11-provider recipe. We enable this provider by using a specific OpenSSL config when signing. This means that recipes inheriting this class can decide whether they want to use the engine or provider to access the key. SoftHSM seems to produce broken keys when calling the C_CopyObject, so disable caching in the provider for now. Signed-off-by: Jan Luebbe <jlu@pengutronix.de> Signed-off-by: Fabian Pflug <f.pflug@pengutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python-rfc3986-validator')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: