easy: Increment engine reference in curl_easy_duphandle

When external programs (such as git) try to set the SSL engine, they set the engine in the default handle but subsequently (if using multi) obtain a duplicate handle to do the actual work. curl_easy_duphandle did not do anything with state.engine if set; make it do so by getting the engine ID of the source handle and incrementing the reference count with another curl_ssl_set_engine call.

To my limited knowledge this is the 'proper' way to handle additional handles needing a non-default engine. Please advise if otherwise; handling of the default engine flag across handles is not attempted.

ssluse: Add Petr Pisar's patch to read OpenSSL conf file

In 2010 Petr Pisar supplied a patch to allow curl to parse OpenSSL configuration files (either default or env-specified), enabling the use of dynamic engines such as those used for smartcard support. Original discussion of the patch terminated here: http://curl.haxx.se/mail/archive-2010-03/0037.html

The patch is included here and credited to Mr. Pisar because it, in combination with the duphandle fix, allows OpenSSL-compiled libcurl (and programs which depend upon it such as git) to support smartcards.

Further suggestions on how to implement this functionality in a safe and useful way are solicited, as the effect (allowing dynamic engines) is key to enabling smartcard support in the 'standard' distribution of curl.

Reported-by: Petr Pisar <petr.pi...@atlas.cz>
Signed-off-by: Jerry Qassar <jqas...@gmail.com>
--- lib/easy.c | 12 ++++++++++++ lib/ssluse.c | 5 +++++ 2 files changed, 17 insertions(+) diff --git a/lib/easy.c b/lib/easy.c index 72e1206..be93be4 100644 --- a/lib/easy.c +++ b/lib/easy.c 
@@ -613,6 +613,18 @@ CURL *curl_easy_duphandle(CURL *incurl) data->state.resolver) != CURLE_OK) goto fail; + /* If set, clone the handle to the engine being used. */ +#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H) + if (data->state.engine) { + /* state.engine existing means curl_ossl_set_engine was + * previously successful. Because curl_ossl_set_engine worked, + * we can query the already-set engine for that handle and use + * that to increment a reference: + */ + Curl_ssl_set_engine(outcurl, ENGINE_get_id(data->state.engine)); + } +#endif /* USE_SSLEAY */ + Curl_convert_setup(outcurl); Curl_easy_initHandleData(outcurl); diff --git a/lib/ssluse.c b/lib/ssluse.c index a6709d9..f9dce25 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -679,6 +679,11 @@ int Curl_ossl_init(void) /* Lets get nice error messages */ SSL_load_error_strings(); + /* Load config file */ + OPENSSL_load_builtin_modules(); + if (CONF_modules_load_file(getenv("OPENSSL_CONF"), NULL, 0) <= 0) + return 0; + /* Init the global ciphers and digests */ if(!SSLeay_add_ssl_algorithms()) return 0; -- 1.8.2.1.342.gfa7285d.dirty
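
Review bot: In the lib/easy.c hunk the result of Curl_ssl_set_engine(outcurl, ENGINE_get_id(data->state.engine)) is discarded, so if the engine cannot be set on the duplicate, curl_easy_duphandle still hands back a handle that silently lacks the source handle's engine, and a transfer meant to use the smartcard engine would proceed without it. The resolver setup in the context lines just above ends in `!= CURLE_OK) goto fail;` and the same pattern fits here. Smaller points: the comment refers to curl_ossl_set_engine while the code calls Curl_ssl_set_engine, the `#endif /* USE_SSLEAY */` comment leaves out the HAVE_OPENSSL_ENGINE_H half of the condition, and `if (data->state.engine)` uses a space after `if` where the surrounding code writes `if(`.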
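
Review bot: In the lib/ssluse.c hunk, `if (CONF_modules_load_file(getenv("OPENSSL_CONF"), NULL, 0) <= 0)` followed by `return 0;` makes Curl_ossl_init fail whenever the configuration file is absent or contains an error, because a flags value of 0 treats a missing file as a failure; every libcurl user on a system without a usable OpenSSL configuration would lose SSL initialisation. Passing CONF_MFLAGS_IGNORE_MISSING_FILE as the third argument would tolerate an absent file, and it is worth deciding whether a malformed file should abort initialisation or only be reported. On the safety question raised in the commit message: the file named by OPENSSL_CONF can direct OpenSSL to load dynamic engine libraries into the process, so this hunk lets the environment choose code that is loaded by any program linked against libcurl; that behaviour needs documenting, and the environment lookup deserves a second look for programs that run with elevated privileges. Style: `if (` should be `if(`, matching `if(!SSLeay_add_ssl_algorithms())` in the following context line.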