On Tue, Apr 05, 2011, Bram Cymet wrote: > I added some debugging output to openssl and I have found that it is > parsing the config file twice and attempting to load the engine twice. > > OPENSSL_CONF=/opt/cbnca/etc/cbn-openssl.conf ./apps/openssl smime > -decrypt -recip /tmp/ldaptest-cert.pem -engine pkcs11 -inkey slot_0 > -keyform engine -in /tmp/encrypt > ENGINE LIST ADD!!!!! > NCONF_load /opt/cbnca/etc/cbn-openssl.conf > def_load /opt/cbnca/etc/cbn-openssl.conf > Section: default > psection: default > v name: openssl_conf > value: openssl_def > psection: openssl_def > v name: engines > value: engine_section > psection: engine_section > v name: pkcs11 > value: pkcs11_section > psection: pkcs11_section > v name: engine_id > value: pkcs11 > psection: pkcs11_section > v name: dynamic_path > value: /usr/lib64/engines/engine_pkcs11.so > psection: pkcs11_section > v name: MODULE_PATH > value: /usr/lib64/opensc-pkcs11.so > psection: pkcs11_section > v name: init > value: 0 > psection: pkcs11_section > v name: PIN > value: 9999 > ENGINE LIST ADD!!!!! > First ID: dynamic --- Second ID: pkcs11 > openssl (lock_dbg_cb): already locked (mode=9, type=30) at eng_list.c:287 > ENGINE LIST ADD!!!!! > First ID: dynamic --- Second ID: dynamic > NCONF_load /opt/cbnca/etc/cbn-openssl.conf > def_load /opt/cbnca/etc/cbn-openssl.conf > Section: default > psection: default > v name: openssl_conf > value: openssl_def > psection: openssl_def > v name: engines > value: engine_section > psection: engine_section > v name: pkcs11 > value: pkcs11_section > psection: pkcs11_section > v name: engine_id > value: pkcs11 > psection: pkcs11_section > v name: dynamic_path > value: /usr/lib64/engines/engine_pkcs11.so > psection: pkcs11_section > v name: MODULE_PATH > value: /usr/lib64/opensc-pkcs11.so > psection: pkcs11_section > v name: init > value: 0 > psection: pkcs11_section > v name: PIN > value: 9999 > ENGINE LIST ADD!!!!! > First ID: dynamic --- Second ID: pkcs11 > First ID: pkcs11 --- Second ID: pkcs11 > Auto configuration failed > 139807017879192:error:26078067:engine > routines:ENGINE_LIST_ADD:conflicting engine id:eng_list.c:119: > 139807017879192:error:2606906E:engine routines:ENGINE_add:internal list > error:eng_list.c:291: > 139807017879192:error:260B6067:engine routines:DYNAMIC_LOAD:conflicting > engine id:eng_dyn.c:540: > 139807017879192:error:260BC066:engine > routines:INT_ENGINE_CONFIGURE:engine configuration > error:eng_cnf.c:204:section=pkcs11_section, name=dynamic_path, > value=/usr/lib64/engines/engine_pkcs11.so > 139807017879192:error:0E07606D:configuration file > routines:MODULE_RUN:module initialization > error:conf_mod.c:235:module=engines, value=engine_section, retcode=-1 > > > Any idea why it would be doing that? >
Check to see if the PKCS#11 ENGINE is loading the config file internally. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
