Dr. Stephen Henson
Tue, 09 Feb 2010 06:30:48 -0800
On Mon, Feb 08, 2010, Dmitry Ivanov wrote: > Hi there! > > I downloaded a snapshot of openssl (20100208) and successfully > compiled it with the following options: > > ./config --prefix=/usr/local/ --openssldir=/usr/local/openssl/ shared > > and then installed it. > > Since I'm interested in the gost engine I configured it in > openssl.conf as follows: > > openssl_conf = openssl_def > > [openssl_def] > engines = engine_section > > [engine_section] > gost = gost_section > > [gost_section] > engine_id = gost > dynamic_path = /usr/local/lib/engines/libgost.so > default_algorithms = ALL > > The problem is, that openssl doesn't seem to be able to load the > engine on first attempt: > > OpenSSL> engine > Error configuring OpenSSL > 3078542984:error:260AC089:engine routines:INT_CTRL_HELPER:invalid cmd > name:eng_ctrl.c:134: > 3078542984:error:260AB089:engine > routines:ENGINE_ctrl_cmd_string:invalid cmd name:eng_ctrl.c:316: > 3078542984:error:0E07606D:configuration file > routines:MODULE_RUN:module initialization > error:conf_mod.c:235:module=engines, value=engine_section, retcode=-1 > error in engine > OpenSSL> engine > (dynamic) Dynamic engine loading support > (gost) Reference implementation of GOST engine > > Note that on second attempt the engine loads fine and I see all the > supported ciphers including the gost's ones. > > OpenSSL> ciphers > ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:GOST2001-GOST89-GOST89:GOST94-GOST89-GOST89:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5 > > > I have no idea what could be wrong. Any pointers? >
Hmm that error indicates a problem elsewhere in the configuration file. I tried today's snapshot and it worked fine. I've improved the error logging for that code now. Either try tomorrow's snapshot, current cvs HEAD or just apply this patch: http://cvs.openssl.org/chngview?cn=19261 That should log the line causing the problem. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org