dynamic engines in openssl.cnf

dynamic engines in openssl.cnf

Cornelius Koelbel
Hello List,

I am trying to use a dynamic engine from opensc. This shall load a
module of a third party.

At the openssl command prompt everything works fine.

--snip--
OpenSSL> engine dynamic -pre SO_PATH:/usr/lib/opensc/engine_pkcs11.so
-pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre
MODULE_PATH:/usr/local/lib/libetpkcs11.so

OpenSSL> req -engine pkcs11 -new -key id_45 -keyform engine -out req.der
 -outform DER -x509
--snip--

This is generating a cert with the key from my eToken.

But I'd like to load the engine from the config file, so that I can add
the openssl command to a script.

--snip--
[ openssl_init ]
engines = engine_section

[ engine_section ]
pkcs11          = pkcs11_engine_section

[ pkcs11_engine_section ]
init            = 1
engine_id       = pkcs11
dynamic_path    = /usr/lib/opensc/engine_pkcs11.so
module_path     = /usr/local/lib/libetpkcs11.so
--snip--
Any ideas what is wrong?
The specific module does not seem to be loaded!

I am using openssl-0.9.7f-7.10 on FC4 and opensc 0.10.0.

Kind regards
Cornelius

Re: dynamic engines in openssl.cnf

Nils Larsch
Cornelius Koelbel wrote:
...

> But I'd like to load the engine from the config file, so that I can add
> the openssl command to a script.
>
> --snip--
> [ openssl_init ]
> engines = engine_section
>
> [ engine_section ]
> pkcs11          = pkcs11_engine_section
>
> [ pkcs11_engine_section ]
> init            = 1
> engine_id       = pkcs11
> dynamic_path    = /usr/lib/opensc/engine_pkcs11.so
> module_path     = /usr/local/lib/libetpkcs11.so
> --snip--
> Any ideas what is wrong?
> The specific module does not seem to be loaded!

did you set "openssl_conf = openssl_init" in the conf ?

Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
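
Added example (not part of the original thread and not OpenSSL code): a small Python check for the point raised in the reply above. It follows the chain openssl_conf -> init section -> engines -> engine sections and returns the settings, including dynamic_path, of every engine the file would load. The function names and the simplified parser are assumptions of this example.

```python
import re

def parse_conf(text):
    # Minimal reader (assumption: no $var expansion, .include, continuations).
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            name, value = line.split("=", 1)
            sections[current][name.strip()] = value.strip().strip('"')
    return sections

def audit_engines(text):
    # Follow openssl_conf -> init section -> engines list -> engine sections.
    conf = parse_conf(text)
    init = conf["default"].get("openssl_conf")
    if init is None:
        return ["openssl_conf not set before the first [section]"], {}
    if init not in conf:
        return [f"openssl_conf names missing section [{init}]"], {}
    listing = conf[init].get("engines")
    if listing not in conf:
        return [f"[{init}] has no usable 'engines' entry"], {}
    problems, engines = [], {}
    for label, section in conf[listing].items():
        if section in conf:
            engines[label] = conf[section]
        else:
            problems.append(f"engine '{label}' names missing section [{section}]")
    return problems, engines

# Constructed sample: the question's config, then the same with openssl_conf set.
ASKER_CONF = """\
[ openssl_init ]
engines = engine_section
[ engine_section ]
pkcs11          = pkcs11_engine_section
[ pkcs11_engine_section ]
init            = 1
engine_id       = pkcs11
dynamic_path    = /usr/lib/opensc/engine_pkcs11.so
module_path     = /usr/local/lib/libetpkcs11.so
"""
FIXED_CONF = "openssl_conf = openssl_init\n" + ASKER_CONF
print(audit_engines(ASKER_CONF), audit_engines(FIXED_CONF))
```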

RE: dynamic engines in openssl.cnf

Frédéric Donnat-2
In reply to this post by Cornelius Koelbel
Hi,

Here is something working fine in 0.9.7x but failing in 0.9.8 (as far as I have tested it).

My engine name is "zencod", as you can see.

        openssl_conf = openssl_init

        [ openssl_init ]
        # Extra OBJECT IDENTIFIER info:
        #oid_file               = $ENV::HOME/.oid
        oid_section             = new_oids
        engines                 = engine_section

        # Load 'zencod' ENGINE
        [ engine_section ]
        zencod = zencod_section

        [ zencod_section ]
        # classic 'dynamic' ENGINE ctrl commands
        dynamic_path = /usr/local/ossl-0.9.7h/lib/engines/libzencod-0.9.7.so
        engine_id = zencod
        # 'zencod' specific one
        ALGO = "SYM"


Just put something like that at the beginning of your openssl.cnf file.
PS: the ALGO is one of our specific command. ;)

Hope it could help.

Fred


-----Original Message-----
From: Nils Larsch [mailto:[hidden email]]
Sent: Mon 11/14/2005 8:23 PM
To: [hidden email]
Cc:
Subject: Re: dynamic engines in openssl.cnf
Cornelius Koelbel wrote:
...

> But I'd like to load the engine from the config file, so that I can add
> the openssl command to a script.
>
> --snip--
> [ openssl_init ]
> engines = engine_section
>
> [ engine_section ]
> pkcs11          = pkcs11_engine_section
>
> [ pkcs11_engine_section ]
> init            = 1
> engine_id       = pkcs11
> dynamic_path    = /usr/lib/opensc/engine_pkcs11.so
> module_path     = /usr/local/lib/libetpkcs11.so
> --snip--
> Any ideas what is wrong?
> The specific module does not seem to be loaded!

did you set "openssl_conf = openssl_init" in the conf ?

Nils