Bug 42687 - Fully delegate certificate & key semantics to the SSLCryptoDevice
Summary: Fully delegate certificate & key semantics to the SSLCryptoDevice
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl
Version: 2.5-HEAD
Hardware: All All
Importance: P2 normal
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: PatchAvailable
Duplicates: 52473
Depends on:
Blocks:
 
Reported: 2007-06-18 03:44 UTC by Robin Bryce
Modified: 2021-03-09 13:26 UTC
CC: 4 users

Attachments
Minimal support for (openssl) engine managed keys (17.19 KB, patch)
2007-06-18 03:48 UTC, Robin Bryce
Description Robin Bryce 2007-06-18 03:44:56 UTC
This bug report is a patch submission, sponsored by nCipher PLC, that provides
the minimal changes necessary to:

 1. Break the PEM file habit.
 2. Disable ssl_engine_pphrase password entry and (asn.1 based) caching of
certificates and keys read from those files.
 3. Enable a pkcs11 based openssl ENGINE implementation to be used.

The change set introduced by this patch is *not* suitable for production use.
Its primary purpose is to stimulate discussion of if/how mod_ssl should be
changed to better support HSM managed keys and the pkcs11 standard.

This patch applies the above 3 changes if *any* SSLCryptoDevice is present in
the apache config. It assumes the same SSLCryptoDevice is used server wide. No
attempt is made to support distinct SSLCryptoDevices on a per (IP) based virtual
host basis.

Support for 3 in this patch is limited: It requires that *either* -DONE_PROCESS
is specified to apache on startup OR the pkcs11 implementation breaks the
"Applications and processes" rules set out in the pkcs11 standard [p 17 PKCS #11
v2.2 6.6.1]. A subsequent patch will lift the restrictions for the worker mpm.

For fuller discussion please see the http-dev thread "Apache2 mod_ssl with HSM
support" (started on Tue, 29 May 2007).
http://mail-archives.apache.org/mod_mbox/httpd-dev/200705.mbox/ajax/%3cB98CCF34D7B54844B011D9D9D6DDBEAD09B84D@gemtsv10.engy.local%3e
Comment 1 Robin Bryce 2007-06-18 03:48:02 UTC
Created attachment 20364 [details]
Minimal support for (openssl) engine managed keys
Comment 2 Kaspar Brand 2013-11-30 08:28:37 UTC
*** Bug 52473 has been marked as a duplicate of this bug. ***
Comment 3 Joe Orton 2021-03-09 13:26:36 UTC
This is more or less done with the PKCS#11 support in 2.4.42, so probably can close this.
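For reference, the kind of configuration the description asks for (certificate and key semantics delegated to the SSLCryptoDevice, no PEM key file, no pass-phrase caching) looks like this on the 2.4.42+ mod_ssl that Comment 3 refers to. This is an added illustration, not the attached patch or any file from the bug report; it assumes an OpenSSL pkcs11 ENGINE is installed, and the token and object labels are placeholders to be replaced with those of the actual HSM.

```apache
# Added example, not part of the bug report. Assumes an OpenSSL pkcs11 ENGINE
# (for example the one shipped with OpenSC/libp11) is available to httpd.
Listen 443
LoadModule ssl_module modules/mod_ssl.so

# Load the ENGINE once, server-wide, as the original patch also assumed.
SSLCryptoDevice pkcs11

<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on

    # The certificate is public and can stay as a PEM file on disk.
    SSLCertificateFile /etc/pki/tls/certs/www.example.com.crt

    # The private key never leaves the HSM: instead of a PEM path, reference
    # the key object by PKCS#11 URI (RFC 7512). mod_ssl hands the URI to the
    # ENGINE, so there is no key file to read, cache or protect with a
    # pass phrase. EXAMPLE-TOKEN and www-key are placeholder labels.
    SSLCertificateKeyFile "pkcs11:token=EXAMPLE-TOKEN;object=www-key;type=private"
</VirtualHost>
```

A quick check that the key really is engine-backed: `apachectl -t` must succeed with no PEM key path anywhere in the configuration, and the ENGINE's own tooling (not httpd) should be the only place the private key material can be enumerated.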