So It looks like this is a problem with openssl >= 1.0.0 as it works with 0.9.8k (this was the latest version of 0.9.8 that I tried).
I even tried the fix described here: http://old.nabble.com/engine_pkcs11-and-openssl.cnf-td28268403.html but it did not fix the problem. Nor did the one described here: http://www.opensc-project.org/pipermail/opensc-devel/2010-April/013956.html On Oct 06, 2010 09:50 AM, Bram Cymet <bcy...@cbnco.com> wrote: >Hi, > >I am trying to use engine_pkcs11 from opensc to talk to a smartcard. I >am running into a few problems. > >My configuration looks like: > >openssl_conf = openssl_def > >[openssl_def] >engines = engine_section > >[engine_section] >pkcs11 = pkcs11_section > >[pkcs11_section] >engine_id = pkcs11 >dynamic_path = /usr/lib/engines/engine_pkcs11.so >MODULE_PATH = /usr/local/lib/opensc-pkcs11.so >init = 0 > >[req] >distinguished_name = req_distinguished_name > >[req_distinguished_name] > >Then when I go to use it I get: > >openssl smime -decrypt -recip ~/encrypt2.pem -engine pkcs11 -inkey >slot_0 -keyform engine -in /tmp/test.encrypt > >Error configuring OpenSSL >139711830169240:error:260AC089:engine routines:INT_CTRL_HELPER:invalid >cmd name:eng_ctrl.c:134: >139711830169240:error:260AB089:engine >routines:ENGINE_ctrl_cmd_string:invalid cmd name:eng_ctrl.c:316: >139711830169240:error:260BC066:engine >routines:INT_ENGINE_CONFIGURE:engine configuration >error:eng_cnf.c:204:section=pkcs11_section, name=MODULE_PATH, >value=/usr/local/lib/opensc-pkcs11.so >139711830169240:error:0E07606D:configuration file >routines:MODULE_RUN:module initialization >error:conf_mod.c:235:module=engines, value=engine_section, retcode=-1 >unable to load module (null) >Segmentation fault > >The segfualt occurs here: > >Program received signal SIGSEGV, Segmentation fault. >0x00007ffff6ed450e in PKCS11_CTX_unload (ctx=<value optimized out>) at >p11_load.c:100 >100 priv->method->C_Finalize(NULL); > >Any ideas what is going on? > >I am using openssl 1.0.0 > >Also on a side note if I use the command: > >OPENSSL_CONF=piv.conf openssl > >The OPENSSL_CONF variable is ignored and it just uses the default >config >file. Setting the config file like this on the command line used to >work >has something changed? > >Thanks, > >-- >Bram Cymet >Software Developer >Canadian Bank Note Co. Ltd. >Cell: 613-608-9752 > > > >______________________________________________________________________ >OpenSSL Project http://www.openssl.org >User Support Mailing List openssl-users@openssl.org >Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
