Re: Config file being ignored

Tue, 09 Nov 2010 14:32:37 -0800

Here is an example of what happens if I run it from the command line interface: 

openssl
OpenSSL> engine dynamic -pre SO_PATH:/usr/local/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib64/opensc-pkcs11.so 
(dynamic) Dynamic engine loading support
[Success]: SO_PATH:/usr/local/lib/engines/engine_pkcs11.so
[Success]: ID:pkcs11
[Success]: LIST_ADD:1
[Success]: LOAD
[Success]: MODULE_PATH:/usr/lib64/opensc-pkcs11.so
Loaded: (pkcs11) pkcs11 engine
OpenSSL> engine
(dynamic) Dynamic engine loading support
(pkcs11) pkcs11 engine


But if I try it with the given config file:

openssl
OpenSSL> engine
Error configuring OpenSSL
139855973107368:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:185:filename(/usr/local/ssl/lib64/engines/libpkcs11.so): /usr/local/ssl/lib64/engines/libpkcs11.so: cannot open shared object file: No such file or directory 139855973107368:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244: 139855973107368:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450: 139855973107368:error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:417:id=pkcs11 139855973107368:error:260BC066:engine routines:INT_ENGINE_CONFIGURE:engine configuration error:eng_cnf.c:204:section=pkcs11_section, name=SO_PATH, value=/usr/local/lib/engines/engine_pkcs11.so 139855973107368:error:0E07606D:configuration file routines:MODULE_RUN:module initialization error:conf_mod.c:235:module=engines, value=engine_section, retcode=-1 
error in engine


On 11/09/2010 04:57 PM, Bram Cymet wrote:

 Hi,

I have the following in my /etc/ssl/openssl.cnf file:

openssl_conf            = openssl_def

[openssl_def]
engines = engine_section

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
SO_PATH = /usr/local/lib/engines/engine_pkcs11.so
MODULE_PATH = /usr/lib64/opensc-pkcs11.so
init = 0

[req]
distinguished_name = req_distinguished_name

[req_distinguished_name]
Yet when I try to load openssl it insists on loading /usr/lib64/engines/libpkcs11.so instead of the files that I have specified.
If I don't have this in my config file and just specify the engine in the openssl command line interface then it works fine. 

Any idea what could be going on? Why would it seem to ignore my config.




--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to