README.md in r509-0.9.1 vs README.md in r509-0.9.2
- old
+ new
@@ -143,12 +143,11 @@
####Load Hardware Engines in PrivateKey
The engine you want to load must already be available to OpenSSL. How to compile/install OpenSSL engines is outside the scope of this document.
```ruby
-OpenSSL::Engine.load("engine_name")
-engine = OpenSSL::Engine.by_id("engine_name")
+engine = R509::Engine.load("SO_PATH" => "/usr/lib64/openssl/engines/libchil.so", "ID" => "chil")
key = R509::PrivateKey(
:engine => engine,
:key_name => "my_key_name"
)
```
@@ -437,20 +436,20 @@
###ca\_cert
This hash defines the certificate + key that will be used to sign for the ca\_name. Depending on desired configuration various elements are optional. You can even supply just __cert__ (for example, if you are using an ocsp\_cert hash and only using the configured CA for OCSP responses)
* cert (cannot use with pkcs12)
* key (optional, cannot use with pkcs12)
-* engine (optional, cannot be used with key or pkcs12)
+* engine (optional, cannot be used with key or pkcs12. Must be a hash with SO_PATH and ID keys)
* key\_name (required when using engine)
* pkcs12 (optional, cannot be used with key or cert)
* password (optional, used for pkcs12 or passworded private key)
###ocsp\_cert
This hash defines the certificate + key that will be used to sign for OCSP responses. OCSP responses cannot be directly created with r509, but require the ancillary gem [r509-ocsp-responder](https://github.com/reaperhulk/r509-ocsp-responder). This hash is optional and if not provided r509 will automatically use the ca\_cert as the OCSP certificate.
* cert (cannot use with pkcs12)
* key (optional, cannot use with pkcs12)
-* engine (optional, cannot be used with key or pkcs12)
+* engine (optional, cannot be used with key or pkcs12. Must be a hash with SO_PATH and ID keys)
* key\_name (required when using engine)
* pkcs12 (optional, cannot be used with key or cert)
* password (optional, used for pkcs12 or passworded private key)
###cdp\_location