Greetings, Erlang folks, hope this message finds you well!
I’m hoping to utilize an HSM (hardware security module) for private key storage and am curious whether openssl 3’s “provider” will be supported (to replace the deprecated “engine” usage) and if so, if there’s a targeted availability time frame.
In the meantime, is there something I might inadvertently be doing incorrectly in attempting to make use of openssl 3 and engine? My attempts result in notsup errors.
For clarity:Erlang/OTP 26 [erts-14.1.1] [source] [64-bit] [smp:16:16] [ds:16:16:10] [async-threads:1] [jit:ns]
Engine was disabled for OpenSSL3.* as we had some problems getting it to work. Those problems are probably fixed now in OTP-26.1 by PR-7392 but the disabled engine was left behind.
I have enabled engine for OpenSSL 3 in PR-7763 and hopefully we can release it in OTP 26.2.
For anyone looking at this, I can confirm the pkcs11 openssl engine (libengine-pkcs11-openssl on Ubuntu flavored systems) works with openssl 3 from the current (2023-10-31) maint branch (which should ultimately generally land on OTP 26.2).
Thanks again, @sverker!! Please refer to his response, listed as solution, for PR details.