Hi all!

curl is unable to load non-default openssl engines, because openssl isn't
initialized properly. This seems to require OpenSSL_config() or
CONF_modules_load_file() to be used by libcurl but the first seems to not
work and we've gotten no reports from tests with the latter. Possibly we
need to discuss with OpenSSL developers how this is supposed to be done. We
need users with actual external openssl engines for testing to work on this.
http://curl.haxx.se/bug/view.cgi?id=1208

I tried adding OpenSSL_config(NULL) to the openssl backend initialization
code and it works perfectly on Ubuntu 12.04 (x86_64) and armv5te (old OMAP).
So it seems that "but the first seems to not work" is not correct.

OpenSSL:

OpenSSL 1.0.1 14 Mar 2012
built on: Fri May 2 20:24:44 UTC 2014
platform: debian-amd64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx) 
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT 
-DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 
-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security 
-Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions 
-Wl,-z,relro -Wa,
--noexecstack -Wall -DOPENSSL_NO_TLS1_2_CLIENT 
-DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 
-DOPENSSL_BN_ASM_MONT 
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM 
-DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM 
-DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"

Curl:
curl 7.37.0-DEV (x86_64-unknown-linux-gnu) libcurl/7.37.0-DEV OpenSSL/1.0.1 
zlib/1.2.3.4
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smtp 
smtps telnet tftp 
Features: IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP

Best Regards, Dmitry!


From 2610b3f8b620e2c6a6fe10507b88466cfb170d0d Mon Sep 17 00:00:00 2001
From: Dmitry Falko <[email protected]>
Date: Mon, 2 Jun 2014 13:44:55 +0400
Subject: [PATCH 25/25] Load of OpenSSL default config file

KNOWN_BUG #83 curl is unable to load non-default
openssl engines, because openssl isn't initialized
properly. Add OpenSSL_config(NULL) to initialize
OpenSSL properly.
---
 lib/vtls/openssl.c |    3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 0e9c8f0..d2bd5e0 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -730,6 +730,9 @@ int Curl_ossl_init(void)
 {
 #ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES
   ENGINE_load_builtin_engines();
+
+  /* Load default OpenSSL config */
+  OPENSSL_config(NULL);
 #endif
 
   /* Lets get nice error messages */
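
Review bot: OPENSSL_config(NULL) sits inside the #ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES block in Curl_ossl_init(), so the default config is only loaded on builds where that macro is defined, and nothing in the hunk reports a failure to load it. Because this makes every application that initializes libcurl read the default OpenSSL config file, which is what names the non-default engines to load, the change in behaviour deserves a line in the commit message and the docs. Consider CONF_modules_load_file(), the alternative named in KNOWN_BUGS #83, which returns a status that Curl_ossl_init() could check, and drop the extra blank line added before the comment.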
-- 
1.7.9.5
