On Fri, Apr 16, 2010, Dimitrios Siganos wrote:

> Dr. Stephen Henson wrote:
>> On Fri, Apr 16, 2010, Dimitrios Siganos wrote:
>>
>>> Now, I would like this engine to install automatically i.e. without
>>> having to run the engine command. I tried adding the following to
>>> openssl.cnf
>>>
>>> ##########################
>>> openssl_conf = openssl_def
>>>
>>> [ openssl_def ]
>>> engines = engine_section
>>>
>>> [ engine_section ]
>>> pkcs11 = pkcs11_section
>>>
>>> [ pkcs11_section ]
>>> engine_id = pkcs11
>>> dynamic_path = /home/ds/local/lib/engines/engine_pkcs11.so
>>> MODULE_PATH = opensc-pkcs11.so
>>> init = 0
>>> ##########################
>>>
>>> but it doesn't work properly. Here's what I get:
>>> $ openssl engine -t
>>> (dynamic) Dynamic engine loading support
>>>      [ unavailable ]
>>> (4758cca) IBM 4758 CCA hardware engine support
>>>      [ unavailable ]
>>> (aep) Aep hardware engine support
>>>      [ unavailable ]
>>> (atalla) Atalla hardware engine support
>>>      [ unavailable ]
>>> (cswift) CryptoSwift hardware engine support
>>>      [ unavailable ]
>>> (chil) CHIL hardware engine support
>>>      [ unavailable ]
>>> (nuron) Nuron hardware engine support
>>>      [ unavailable ]
>>> (sureware) SureWare hardware engine support
>>>      [ unavailable ]
>>> (ubsec) UBSEC hardware engine support
>>>      [ unavailable ]
>>> (padlock) VIA PadLock (no-RNG, no-ACE)
>>>      [ unavailable ]
>>> (gost) Reference implementation of GOST engine
>>>      [ available ]
>>> (pkcs11) pkcs11 engine
>>> Auto configuration failed
>>> 1116888:error:260B606D:engine routines:DYNAMIC_LOAD:init
>>> failed:eng_dyn.c:521:
>>> 1116888:error:260BC066:engine routines:INT_ENGINE_CONFIGURE:engine
>>> configuration error:eng_cnf.c:204:section=pkcs11_section,
>>> name=dynamic_path, value=/home/ds/local/lib/engines/engine_pkcs11.so
>>> 1116888:error:0E07606D:configuration file routines:MODULE_RUN:module
>>> initialization error:conf_mod.c:235:module=engines, value=engine_section,
>>> retcode=-1
>>>
>>> Can someone shed some light into this?
>>>
>>
>> It's not obvious what the problem is from that. It looks like the PKCS#11
>> isn't initialising properly.
>>
>> Try using the dynamic ENGINE in the config file with exactly the same
>> commands
>> you used on the command line.
>>
> This seems to be a regression of some sort but not necessarily of openssl.
> I found this thread on a different mailing list that describes the problem
> in much more detail and there is an active discussion about possible fixes.
> http://www.opensc-project.org/pipermail/opensc-devel/2010-April/013953.html
>
> I tried openssl 0.9.8k and that works fine for me, so I will stick with the
> older version for now.
>

Ah I see what is happening, the auto config method is being called recursively
and getting confused.

That can be worked around in OpenSSL, try adding a call to OPENSSL_no_config()
at the start of CONF_modules_load() in crypto/conf/conf_mod.c

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
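
The recursion described in the reply above, as a simplified C model added here as an example; it is not OpenSSL source and not code from this thread. All model_* names, run_startup and last_loader_entries are hypothetical, and the -1 returned on re-entry is an assumption standing in for the "getting confused" failure.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model, not OpenSSL source: every name below is hypothetical. */
static bool configured;     /* the flag that OPENSSL_no_config() sets in the real library */
static bool guard_enabled;  /* true = apply the workaround suggested in the reply */
static bool engine_loading; /* true while the engine's init is still on the stack */
static int loader_entries;  /* number of times the module loader was entered */

static int model_auto_config(void);

/* Stand-in for the engine's init: code beneath it triggers auto configuration. */
static int model_engine_init(void) { return model_auto_config(); }

/* Stand-in for CONF_modules_load(): runs the engines section of the config. */
static int model_modules_load(void)
{
    loader_entries++;
    if (guard_enabled)
        configured = true;  /* workaround: mark configuration done before any module runs */
    if (engine_loading)
        return -1;          /* assumption: re-entry during the engine load is an error */
    engine_loading = true;
    int rc = model_engine_init();
    engine_loading = false;
    return rc;
}

/* Stand-in for auto configuration: a no-op once the flag is set. */
static int model_auto_config(void) { return configured ? 1 : model_modules_load(); }

/* One start-up, with or without the guard; returns the outer load result. */
int run_startup(bool with_guard)
{
    configured = engine_loading = false;
    loader_entries = 0;
    guard_enabled = with_guard;
    return model_auto_config();
}

/* Loader entry count of the most recent run_startup() call. */
int last_loader_entries(void) { return loader_entries; }

int main(void)
{
    int rc = run_startup(false);
    printf("no guard: rc=%d loader entries=%d\n", rc, last_loader_entries());
    rc = run_startup(true);
    printf("guard:    rc=%d loader entries=%d\n", rc, last_loader_entries());
}
```

Without the guard the loader is entered a second time from inside the engine's init and the error propagates to the outer load; with the flag set first, the nested auto configuration returns immediately.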