Engines on Mac OS X

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

Engines on Mac OS X

Thomás Inskip
Hi.

I am trying to develop an engine for OpenSSL. To this effect I have built OpenSSL 1.1.0i for Darwin.  However, when I try to load any engine, including capi, which is installed as part of OpenSSL, I get the following:

openssl engine -t -c capi

140735831704448:error:260B606D:engine routines:dynamic_load:init failed:crypto/engine/eng_dyn.c:485:

140735831704448:error:2606A074:engine routines:ENGINE_by_id:no such engine:crypto/engine/eng_list.c:339:id=capi


Now, before I go digging too deep, I was wondering if anyone else has dealt with this issue and might be able to throw me a bone.

Thanks!

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Engines on Mac OS X

Thomás Inskip
Never mind.  My binding entry point was misbehaving.

The capi engine is still broken, however.


On Sun, Sep 2, 2018 at 1:51 AM Thomás Inskip <[hidden email]> wrote:
Hi.

I am trying to develop an engine for OpenSSL. To this effect I have built OpenSSL 1.1.0i for Darwin.  However, when I try to load any engine, including capi, which is installed as part of OpenSSL, I get the following:

openssl engine -t -c capi

140735831704448:error:260B606D:engine routines:dynamic_load:init failed:crypto/engine/eng_dyn.c:485:

140735831704448:error:2606A074:engine routines:ENGINE_by_id:no such engine:crypto/engine/eng_list.c:339:id=capi


Now, before I go digging too deep, I was wondering if anyone else has dealt with this issue and might be able to throw me a bone.

Thanks!

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Engines on Mac OS X

OpenSSL - User mailing list

>The capi engine is still broken, however

 

That is windows-only, using the MSFT CryptoAPI.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Engines on Mac OS X

Thomás Inskip
Gotcha. But why doesn't it work on Mac?  

On Sun, Sep 2, 2018, 2:22 PM Salz, Rich via openssl-users <[hidden email]> wrote:

>The capi engine is still broken, however

 

That is windows-only, using the MSFT CryptoAPI.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Engines on Mac OS X

OpenSSL - User mailing list
  • Gotcha. But why doesn't it work on Mac?  

 

The CAPI engine uses Microsoft libraries that are part of windows.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Engines on Mac OS X

Blumenthal, Uri - 0553 - MITLL
On Sep 2, 2018, at 20:02, Salz, Rich via openssl-users <[hidden email]> wrote:
  • Gotcha. But why doesn't it work on Mac?  
 
The CAPI engine uses Microsoft libraries that are part of windows.

Gotcha. In that case why does it get built on Mac? I.e., why doesn’t the build process exclude it automatically?


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Engines on Mac OS X

Thomás Inskip
In reply to this post by OpenSSL - User mailing list
What's Windows?  Why doesn't it work like my Mac?

(I wasnt serious but thanks for being a sport)

On Sep 2, 2018 5:02 PM, "Salz, Rich" <[hidden email]> wrote:
  • Gotcha. But why doesn't it work on Mac?  

 

The CAPI engine uses Microsoft libraries that are part of windows.



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Engines on Mac OS X

OpenSSL - User mailing list
In reply to this post by Blumenthal, Uri - 0553 - MITLL

>Gotcha. In that case why does it get built on Mac? I.e., why doesn’t the build process exclude it automatically?

 

Beats me.  It ends up being a zero-length object file, more or less.  Perhaps Richard Levitte knows.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Engines on Mac OS X

Matt Caswell-2


On 03/09/18 14:56, Salz, Rich via openssl-users wrote:
> *>*Gotcha. In that case why does it get built on Mac? I.e., why doesn’t
> the build process exclude it automatically?
>
>  
>
> Beats me.  It ends up being a zero-length object file, more or less. 
> Perhaps Richard Levitte knows.

It skips building it completely if configured with no-engine,
no-dynamic-engine or no-capieng. Otherwise it will attempt the build.
Inside e_capi.c it performs various compile time checks to determine
whether its got everything it needs to produce the engine. If it doesn't
then it just ends up building a dummy engine that doesn't do anything.

Matt

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Engines on Mac OS X

Richard Levitte - VMS Whacker-2
In reply to this post by OpenSSL - User mailing list
In message <[hidden email]> on Mon, 3 Sep 2018 13:56:41 +0000, "Salz, Rich" <[hidden email]> said:

> > Gotcha. In that case why does it get built on Mac? I.e., why
> > doesn’t the build process exclude it automatically?
>
> Beats me. It ends up being a zero-length object file, more or
> less. Perhaps Richard Levitte knows.

We've made it conditional in the source file rather than the build
configuration, so on non-MSWindows platforms, it becomes a minimal
shared object with an entry point that fails unconditionally.

We should obviously rethink that strategy...

Cheers,
Richard

--
Richard Levitte         [hidden email]
OpenSSL Project         http://www.openssl.org/~levitte/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Engines on Mac OS X

Blumenthal, Uri - 0553 - MITLL
If it builds a dummy engine - then shouldn't a dummy engine respond gracefully to requests with something like "sorry I can't do anything useful", instead of spitting outa puke of error messages in response to "openssl engine -t capi"?

Regards,
Uri

Sent from my iPhone

> On Sep 3, 2018, at 12:27, Richard Levitte <[hidden email]> wrote:
>
> In message <[hidden email]> on Mon, 3 Sep 2018 13:56:41 +0000, "Salz, Rich" <[hidden email]> said:
>
>>> Gotcha. In that case why does it get built on Mac? I.e., why
>>> doesn’t the build process exclude it automatically?
>>
>> Beats me. It ends up being a zero-length object file, more or
>> less. Perhaps Richard Levitte knows.
>
> We've made it conditional in the source file rather than the build
> configuration, so on non-MSWindows platforms, it becomes a minimal
> shared object with an entry point that fails unconditionally.
>
> We should obviously rethink that strategy...
>
> Cheers,
> Richard
>
> --
> Richard Levitte         [hidden email]
> OpenSSL Project         http://www.openssl.org/~levitte/
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

smime.p7s (7K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Engines on Mac OS X

Blumenthal, Uri - 0553 - MITLL
Ouch... Spelling Corrector doing is best. The text below should've been:

"... spitting out a pile of error..."

Oh well. Hard to admit, but sometimes automatic correctors are even more eloquent than me, and seem freeer in their choice of words too. ;-)

Regards,
Uri

Sent from my iPhone

> On Sep 3, 2018, at 14:31, Blumenthal, Uri - 0553 - MITLL <[hidden email]> wrote:
>
> If it builds a dummy engine - then shouldn't a dummy engine respond gracefully to requests with something like "sorry I can't do anything useful", instead of spitting outa puke of error messages in response to "openssl engine -t capi"?
>
> Regards,
> Uri
>
> Sent from my iPhone
>
>> On Sep 3, 2018, at 12:27, Richard Levitte <[hidden email]> wrote:
>>
>> In message <[hidden email]> on Mon, 3 Sep 2018 13:56:41 +0000, "Salz, Rich" <[hidden email]> said:
>>
>>>> Gotcha. In that case why does it get built on Mac? I.e., why
>>>> doesn’t the build process exclude it automatically?
>>>
>>> Beats me. It ends up being a zero-length object file, more or
>>> less. Perhaps Richard Levitte knows.
>>
>> We've made it conditional in the source file rather than the build
>> configuration, so on non-MSWindows platforms, it becomes a minimal
>> shared object with an entry point that fails unconditionally.
>>
>> We should obviously rethink that strategy...
>>
>> Cheers,
>> Richard
>>
>> --
>> Richard Levitte         [hidden email]
>> OpenSSL Project         http://www.openssl.org/~levitte/
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

smime.p7s (7K) Download Attachment