Hi all !
This is my first mail to openssl mailing list.
I have a
problem with statically linked openSSL library and GOST crypto engine. Openssl
1.0.0g
I have
simple client/server application using GOST keys and certificates. It works
fine with GOST keys but only if I use dynamically linked version of openSSL
library. If I try to use statically linked openSSL I got an error message.
This is
how I initialized openSSL library:
OPENSSL_config("correct
config file path");
SSL_library_init();
SSL_load_error_strings();
When I try
to read certificate file I got an error.
SSL_CTX_use_certificate_chain_file(ctx,
CERTFILE)
Return
value here is not 1. So this is an error.
The human
readable error message is:
3084809868:error:0609E09C:digital
envelope routines:PKEY_SET_TYPE:unsupported algorithm:p_lib.c:239:
3084809868:error:0B07706F:x509 certificate routines:X509_PUBKEY_get:unsupported
algorithm:x_pubkey.c:155: 3084809868:error:140BF10C:SSL
routines:SSL_SET_CERT:x509 lib:ssl_rsa.c:402:
When I use
the same code with dynamically linked openSSL library with external GOST engine
library everything works fine. So what is the difference between static and
dynamic
version? The only idea that I have at this time that my library initialization
sequence is wrong.
I checked
symbols in the compiled libcrypto.a library.
nm ./libcrypto.a | grep gost
This
command gave me output with many GOST function which were included to
libcrypto.a library. So I think that library was compiled properly and all GOST
engine functions were included in the static library.
"Unsupported
algorithm" error message means that GOST functions was not initialized
properly. The question is: how properly initialize engines with statically
linked openSSL?
Is it possible to use engines and statically linked openssl library in general?
Best Regards
Xidex
