[email protected] (John Klos) writes:
>I erroneously thought that if pseudo-device crypto wasn't in the kernel,
>crypto would be done in userland. That's not the case:
>openssl s_client -debug -connect 192.80.49.7:443
>Could not open /dev/crypto: Device not configured
Crypto is done in userland. The error message comes from initializing all
builtin crypto engines, whether they get used or not.
% openssl engine
(devcrypto) /dev/crypto engine
(dynamic) Dynamic engine loading support
This also means that openssl (the library, not the command) eats one file
descriptor if /dev/crypto exists.
Only ENOENT is suppressed, deleting the /dev/crypto entry makes the
error message go away. You could expand that to also hide ENXIO or
rewrite devcrypto as a dynamic engine.
--
--
Michael van Elst
Internet: [email protected]
"A potential Snark may lurk in every tree."
