Mukund, I think it is a great idea to update the usage of engine_pkcs11 in OpenSSL and dropping the custom OpenSSL patches.  Please go ahead.


Also the question of removal of native-pkcs11 is not topic of this issues, so let's not discuss it here and now.  However, I would appreciate that instead of throwing strong opinions at each other we will do (informal) cost-benefit analysis of a feature in question and make an informed decision based on technical facts and hard data and not personal feelings and opinions.