Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Config file being ignored

261 views
Skip to first unread message

Bram Cymet

unread,
Nov 9, 2010, 4:57:53 PM11/9/10
to
Hi,

I have the following in my /etc/ssl/openssl.cnf file:

openssl_conf = openssl_def

[openssl_def]
engines = engine_section

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
SO_PATH = /usr/local/lib/engines/engine_pkcs11.so
MODULE_PATH = /usr/lib64/opensc-pkcs11.so
init = 0

[req]
distinguished_name = req_distinguished_name

[req_distinguished_name]

Yet when I try to load openssl it insists on loading
/usr/lib64/engines/libpkcs11.so instead of the files that I have specified.

If I don't have this in my config file and just specify the engine in
the openssl command line interface then it works fine.

Any idea what could be going on? Why would it seem to ignore my config.

--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752


______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Bram Cymet

unread,
Nov 9, 2010, 5:28:10 PM11/9/10
to
Here is an example of what happens if I run it from the command line
interface:

openssl
OpenSSL> engine dynamic -pre
SO_PATH:/usr/local/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre
LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib64/opensc-pkcs11.so
(dynamic) Dynamic engine loading support
[Success]: SO_PATH:/usr/local/lib/engines/engine_pkcs11.so
[Success]: ID:pkcs11
[Success]: LIST_ADD:1
[Success]: LOAD
[Success]: MODULE_PATH:/usr/lib64/opensc-pkcs11.so
Loaded: (pkcs11) pkcs11 engine
OpenSSL> engine
(dynamic) Dynamic engine loading support
(pkcs11) pkcs11 engine


But if I try it with the given config file:

openssl
OpenSSL> engine
Error configuring OpenSSL
139855973107368:error:25066067:DSO support routines:DLFCN_LOAD:could not
load the shared
library:dso_dlfcn.c:185:filename(/usr/local/ssl/lib64/engines/libpkcs11.so):
/usr/local/ssl/lib64/engines/libpkcs11.so: cannot open shared object
file: No such file or directory
139855973107368:error:25070067:DSO support routines:DSO_load:could not
load the shared library:dso_lib.c:244:
139855973107368:error:260B6084:engine routines:DYNAMIC_LOAD:dso not
found:eng_dyn.c:450:
139855973107368:error:2606A074:engine routines:ENGINE_by_id:no such
engine:eng_list.c:417:id=pkcs11
139855973107368:error:260BC066:engine
routines:INT_ENGINE_CONFIGURE:engine configuration
error:eng_cnf.c:204:section=pkcs11_section, name=SO_PATH,
value=/usr/local/lib/engines/engine_pkcs11.so
139855973107368:error:0E07606D:configuration file
routines:MODULE_RUN:module initialization
error:conf_mod.c:235:module=engines, value=engine_section, retcode=-1
error in engine

Bram Cymet

unread,
Nov 9, 2010, 5:36:27 PM11/9/10
to
Ok I am getting closer.

I can get the engine to load now with this (better) config file

openssl_conf = openssl_def
[openssl_def]
engines = engine_section

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
dynamic_path = /usr/local/lib/engines/engine_pkcs11.so


MODULE_PATH = /usr/lib64/opensc-pkcs11.so
init = 0

but when I got to use the engine I get:
openssl (lock_dbg_cb): already locked (mode=9, type=30) at eng_list.c:284
Auto configuration failed
23985:error:26078067:engine routines:ENGINE_LIST_ADD:conflicting engine
id:eng_list.c:116:
23985:error:2606906E:engine routines:ENGINE_add:internal list
error:eng_list.c:288:
23985:error:260B6067:engine routines:DYNAMIC_LOAD:conflicting engine
id:eng_dyn.c:540:
23985:error:0E07606D:configuration file routines:MODULE_RUN:module

initialization error:conf_mod.c:235:module=engines,
value=engine_section, retcode=-1

any idea why that would be happening?

0 new messages