Hi all!
curl is unable to load non-default openssl engines, because openssl isn't initialized properly. This seems to require OpenSSL_config() or CONF_modules_load_file() to be used by libcurl but the first seems to not work and we've gotten no reports from tests with the latter. Possibly we need to discuss with OpenSSL developers how this is supposed to be done. We need users with actual external openssl engines for testing to work on this. http://curl.haxx.se/bug/view.cgi?id=1208

I tried to add OpenSSL_config(NULL) in the openssl backend initialization code and it works perfectly on Ubuntu 12.04 (x86_64) and armv5te (old OMAP). So it seems that "but the first seems to not work" is not correct.

OpenSSL:
OpenSSL 1.0.1 14 Mar 2012
built on: Fri May 2 20:24:44 UTC 2014
platform: debian-amd64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa, --noexecstack -Wall -DOPENSSL_NO_TLS1_2_CLIENT -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"

Curl:
curl 7.37.0-DEV (x86_64-unknown-linux-gnu) libcurl/7.37.0-DEV OpenSSL/1.0.1 zlib/1.2.3.4
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP

Best Regards,
Dmitry!
From 2610b3f8b620e2c6a6fe10507b88466cfb170d0d Mon Sep 17 00:00:00 2001 From: Dmitry Falko <[email protected]> Date: Mon, 2 Jun 2014 13:44:55 +0400 Subject: [PATCH 25/25] Load of OpenSSL default config file KNOWN_BUG #83 curl is unable to load non-default openssl engines, because openssl isn't initialized properly. Add OpenSSL_config(NULL) to initialize OpenSSL properly. --- lib/vtls/openssl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 0e9c8f0..d2bd5e0 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -730,6 +730,9 @@ int Curl_ossl_init(void) { #ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES ENGINE_load_builtin_engines(); + + /* Load default OpenSSL config */ + OPENSSL_config(NULL); #endif /* Lets get nice error messages */ -- 1.7.9.5
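Review bot: the new OPENSSL_config(NULL) call in Curl_ossl_init() sits inside the #ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES block, so a build without that define never loads the config, and the call itself returns nothing, so libcurl cannot detect or report a config file that fails to parse. Consider giving the config load its own guard and using CONF_modules_load_file(), which the message above already names as the alternative and which returns a status that can be checked or deliberately ignored. The comment "Load default OpenSSL config" should also say that this makes every application using libcurl honour the system-wide config under OPENSSLDIR, engine sections included, since that widens what a writable or misconfigured openssl.cnf can affect and is a behaviour change worth documenting.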
