I added some debugging output to openssl and I have found that it is parsing the config file twice and attempting to load the engine twice.
OPENSSL_CONF=/opt/cbnca/etc/cbn-openssl.conf ./apps/openssl smime -decrypt -recip /tmp/ldaptest-cert.pem -engine pkcs11 -inkey slot_0 -keyform engine -in /tmp/encrypt ENGINE LIST ADD!!!!! NCONF_load /opt/cbnca/etc/cbn-openssl.conf def_load /opt/cbnca/etc/cbn-openssl.conf Section: default psection: default v name: openssl_conf value: openssl_def psection: openssl_def v name: engines value: engine_section psection: engine_section v name: pkcs11 value: pkcs11_section psection: pkcs11_section v name: engine_id value: pkcs11 psection: pkcs11_section v name: dynamic_path value: /usr/lib64/engines/engine_pkcs11.so psection: pkcs11_section v name: MODULE_PATH value: /usr/lib64/opensc-pkcs11.so psection: pkcs11_section v name: init value: 0 psection: pkcs11_section v name: PIN value: 9999 ENGINE LIST ADD!!!!! First ID: dynamic --- Second ID: pkcs11 openssl (lock_dbg_cb): already locked (mode=9, type=30) at eng_list.c:287 ENGINE LIST ADD!!!!! First ID: dynamic --- Second ID: dynamic NCONF_load /opt/cbnca/etc/cbn-openssl.conf def_load /opt/cbnca/etc/cbn-openssl.conf Section: default psection: default v name: openssl_conf value: openssl_def psection: openssl_def v name: engines value: engine_section psection: engine_section v name: pkcs11 value: pkcs11_section psection: pkcs11_section v name: engine_id value: pkcs11 psection: pkcs11_section v name: dynamic_path value: /usr/lib64/engines/engine_pkcs11.so psection: pkcs11_section v name: MODULE_PATH value: /usr/lib64/opensc-pkcs11.so psection: pkcs11_section v name: init value: 0 psection: pkcs11_section v name: PIN value: 9999 ENGINE LIST ADD!!!!! First ID: dynamic --- Second ID: pkcs11 First ID: pkcs11 --- Second ID: pkcs11 Auto configuration failed 139807017879192:error:26078067:engine routines:ENGINE_LIST_ADD:conflicting engine id:eng_list.c:119: 139807017879192:error:2606906E:engine routines:ENGINE_add:internal list error:eng_list.c:291: 139807017879192:error:260B6067:engine routines:DYNAMIC_LOAD:conflicting engine id:eng_dyn.c:540: 139807017879192:error:260BC066:engine routines:INT_ENGINE_CONFIGURE:engine configuration error:eng_cnf.c:204:section=pkcs11_section, name=dynamic_path, value=/usr/lib64/engines/engine_pkcs11.so 139807017879192:error:0E07606D:configuration file routines:MODULE_RUN:module initialization error:conf_mod.c:235:module=engines, value=engine_section, retcode=-1 Any idea why it would be doing that? Thanks, Bram On 11-04-05 7:24 AM, Bram Cymet wrote: > Hi, > > When I try to load the opensc-engine with a config file I get: > > OPENSSL_CONF=/opt/cbnca/etc/cbn-openssl.conf openssl engine -vvv -t -c > (dynamic) Dynamic engine loading support > [ unavailable ] > SO_PATH: Specifies the path to the new ENGINE shared library > (input flags): STRING > NO_VCHECK: Specifies to continue even if version checking fails > (boolean) > (input flags): NUMERIC > ID: Specifies an ENGINE id name for loading > (input flags): STRING > LIST_ADD: Whether to add a loaded ENGINE to the internal list > (0=no,1=yes,2=mandatory) > (input flags): NUMERIC > DIR_LOAD: Specifies whether to load from 'DIR_ADD' directories > (0=no,1=yes,2=mandatory) > (input flags): NUMERIC > DIR_ADD: Adds a directory from which ENGINEs can be loaded > (input flags): STRING > LOAD: Load up the ENGINE specified by other settings > (input flags): NO_INPUT > (pkcs11) pkcs11 engine > [RSA, DSA, DH, RAND] > openssl (lock_dbg_cb): already locked (mode=9, type=30) at eng_list.c:284 > Auto configuration failed > 20819:error:26078067:engine routines:ENGINE_LIST_ADD:conflicting engine > id:eng_list.c:116: > 20819:error:2606906E:engine routines:ENGINE_add:internal list > error:eng_list.c:288: > 20819:error:260B6067:engine routines:DYNAMIC_LOAD:conflicting engine > id:eng_dyn.c:540: > 20819:error:0E07606D:configuration file routines:MODULE_RUN:module > initialization error:conf_mod.c:235:module=engines, > value=engine_section, retcode=-1 > > but if I load it from the openssl shell it works fine: > > OpenSSL> engine dynamic -pre SO_PATH:/usr/lib64/engines/engine_pkcs11.so > -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre > MODULE_PATH:/usr/lib64/opensc-pkcs11.so > (dynamic) Dynamic engine loading support > [Success]: SO_PATH:/usr/lib64/engines/engine_pkcs11.so > [Success]: ID:pkcs11 > [Success]: LIST_ADD:1 > [Success]: LOAD > [Success]: MODULE_PATH:/usr/lib64/opensc-pkcs11.so > Loaded: (pkcs11) pkcs11 engine > > > my config file looks like : > > openssl_conf = openssl_def > [openssl_def] > engines = engine_section > > [engine_section] > pkcs11 = pkcs11_section > > [pkcs11_section] > engine_id = pkcs11 > dynamic_path = /usr/lib64/engines/engine_pkcs11.so > MODULE_PATH = /usr/lib64/opensc-pkcs11.so > init = 0 > PIN = PINOFSMARTCARD > > Any idea why I am getting a conflicting engine id and how I can debug > and fix this? > > Thanks, > -- Bram Cymet Software Developer Canadian Bank Note Co. Ltd. 613-608-9752 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
