NeoRouter
http://www.neorouter.com/forum/

OpenSSL engine support & lightweight PKI
http://www.neorouter.com/forum/viewtopic.php?f=5&t=4435
Page 1 of 1

Author:  jpatrick [ Sun Oct 31, 2010 9:10 am ]
Post subject:  OpenSSL engine support & lightweight PKI

Two feature requests:

1) NRSERVER support for the openssl engine api parameter (if not already present). In my case I would like to specify the Via PADLOCK engine to perform SSL tunnel encryption offloading to the crypto chip on Via C7/Eden cpu. Could be implemented as a Feature.ini parameter (e.g. SSL_ENGINE="string", which is if present is passed as the ssl engine parameter in corresponding openssl API calls by NRSERVER).

2) Support for lightweight PKI security. In addition to the end point user authentication (over the SSL tunnel) security it would be useful to have the ability to authorise at the SSL tunnel connection as well using public certificate for a NRSERVER instance that is deployed to the clients. NRSERVER could be configured (via a Feature.ini option) to only allow clients with its public certificate present to connect before performing user level authentication and connectivity. This would be particularly useful for Android and USB/portable clients as an additional security consideration - clients could also be configured with their own Feature.ini to point to a directory holding the server certificates (e.g. on the SDCARD for android or USB stick for portable).

Kind regards
Jason

Page 1 of 1 All times are UTC - 5 hours
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/