Ok I am getting closer.
I can get the engine to load now with this (better) config file
openssl_conf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
pkcs11 = pkcs11_section
[pkcs11_section]
engine_id = pkcs11
dynamic_path = /usr/local/lib/engines/engine_pkcs11.so
MODULE_PATH = /usr/lib64/opensc-pkcs11.so
init = 0
but when I got to use the engine I get:
openssl (lock_dbg_cb): already locked (mode=9, type=30) at eng_list.c:284
Auto configuration failed
23985:error:26078067:engine routines:ENGINE_LIST_ADD:conflicting engine
id:eng_list.c:116:
23985:error:2606906E:engine routines:ENGINE_add:internal list
error:eng_list.c:288:
23985:error:260B6067:engine routines:DYNAMIC_LOAD:conflicting engine
id:eng_dyn.c:540:
23985:error:0E07606D:configuration file routines:MODULE_RUN:module
initialization error:conf_mod.c:235:module=engines,
value=engine_section, retcode=-1
any idea why that would be happening?
On 11/09/2010 05:28 PM, Bram Cymet wrote:
Here is an example of what happens if I run it from the command line
interface:
openssl
OpenSSL> engine dynamic -pre
SO_PATH:/usr/local/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre
LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib64/opensc-pkcs11.so
(dynamic) Dynamic engine loading support
[Success]: SO_PATH:/usr/local/lib/engines/engine_pkcs11.so
[Success]: ID:pkcs11
[Success]: LIST_ADD:1
[Success]: LOAD
[Success]: MODULE_PATH:/usr/lib64/opensc-pkcs11.so
Loaded: (pkcs11) pkcs11 engine
OpenSSL> engine
(dynamic) Dynamic engine loading support
(pkcs11) pkcs11 engine
But if I try it with the given config file:
openssl
OpenSSL> engine
Error configuring OpenSSL
139855973107368:error:25066067:DSO support routines:DLFCN_LOAD:could
not load the shared
library:dso_dlfcn.c:185:filename(/usr/local/ssl/lib64/engines/libpkcs11.so):
/usr/local/ssl/lib64/engines/libpkcs11.so: cannot open shared object
file: No such file or directory
139855973107368:error:25070067:DSO support routines:DSO_load:could not
load the shared library:dso_lib.c:244:
139855973107368:error:260B6084:engine routines:DYNAMIC_LOAD:dso not
found:eng_dyn.c:450:
139855973107368:error:2606A074:engine routines:ENGINE_by_id:no such
engine:eng_list.c:417:id=pkcs11
139855973107368:error:260BC066:engine
routines:INT_ENGINE_CONFIGURE:engine configuration
error:eng_cnf.c:204:section=pkcs11_section, name=SO_PATH,
value=/usr/local/lib/engines/engine_pkcs11.so
139855973107368:error:0E07606D:configuration file
routines:MODULE_RUN:module initialization
error:conf_mod.c:235:module=engines, value=engine_section, retcode=-1
error in engine
On 11/09/2010 04:57 PM, Bram Cymet wrote:
Hi,
I have the following in my /etc/ssl/openssl.cnf file:
openssl_conf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
pkcs11 = pkcs11_section
[pkcs11_section]
engine_id = pkcs11
SO_PATH = /usr/local/lib/engines/engine_pkcs11.so
MODULE_PATH = /usr/lib64/opensc-pkcs11.so
init = 0
[req]
distinguished_name = req_distinguished_name
[req_distinguished_name]
Yet when I try to load openssl it insists on loading
/usr/lib64/engines/libpkcs11.so instead of the files that I have
specified.
If I don't have this in my config file and just specify the engine in
the openssl command line interface then it works fine.
Any idea what could be going on? Why would it seem to ignore my config.
--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
