---------- Forwarded message --------- From: David Woodhouse <[email protected]> Date: Thu, 14 Mar 2019 at 18:25 Subject: [PATCH v2] Fix ENGINE support with OpenSSL 1.1+ To: Rosen Penev <[email protected]> Cc: <[email protected]>
Commit 373c7969485 ("OpenSSL: Fix compile with OpenSSL 1.1.0 and
deprecated APIs") removed a call to ENGINE_load_dynamic() for newer
versions of OpenSSL, asserting that it should happen automatically.
That appears not to be the case, and loading engines now fails because
the dynamic engine isn't present.
Fix it by calling ENGINE_load_builtin_engines(), which works for all
versions of OpenSSL. Also remove the call to ERR_load_ENGINE_strings()
because that should have happened when SSL_load_error_strings() is
called anyway.
Signed-off-by: David Woodhouse <[email protected]>
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 705fa29a3..ee7ed7c9b 100644
@@ -1034,10 +1034,7 @@ void * tls_init(const struct tls_config *conf)
#ifndef OPENSSL_NO_ENGINE
wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine");
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- ERR_load_ENGINE_strings();
- ENGINE_load_dynamic();
-#endif /* OPENSSL_VERSION_NUMBER */
+ ENGINE_load_builtin_engines();
if (conf &&
(conf->opensc_engine_path || conf->pkcs11_engine_path ||
_______________________________________________
Hostap mailing list
[email protected]
http://lists.infradead.org/mailman/listinfo/hostap
--
Cheers,
Andrej
smime.p7s
Description: S/MIME cryptographic signature

