mod_ssl: Add support for loading keys from OpenSSL 3.x providers via

the STORE API. Separates compile-time support for the STORE API
(supported in 3.x) from support for the ENGINE API (deprecated in
3.x).

* modules/ssl/ssl_private.h: Define MODSSL_HAVE_OPENSSL_STORE for
  OpenSSL 3.0+.

* modules/ssl/ssl_engine_pphrase.c (modssl_load_store_uri,
  modssl_load_keypair_store): New functions.
  (modssl_load_keypair_engine): Renamed from modssl_load_keypair_engine.
  (modssl_load_engine_keypair): Reimplement to use new STORE-based
  functions if SSLCryptoDevice was not configured, or else old
  ENGINE implementation.

* modules/ssl/ssl_util.c (modssl_is_engine_id): Match pkcs11: URIs
  also for the OpenSSL 3.x STORE API.

* modules/ssl/ssl_engine_init.c (ssl_init_server_certs): Tweak log
  message on error paths for the provider/STORE case.

Signed-off-by: Ingo Franzki <ifranzki linux.ibm.com>
Submitted by: Ingo Franzki <ifranzki linux.ibm.com>
Github: closes #397, closes #398


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1914365 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 2 insertions, 0 deletions

diff --git a/changes-entries/ssl-providers.txt b/changes-entries/ssl-providers.txt
new file mode 100644
index 0000000000..65b5655afa
--- /dev/null
+++ b/changes-entries/ssl-providers.txt
@@ -0,0 +1,2 @@
+  *) mod_ssl: Add support for loading certs/keys from pkcs11: URIs
+     via OpenSSL 3.x providers.  [Ingo Franzki <ifranzki linux.ibm.com>]