Hello! On Mon, Aug 19, 2019 at 07:35:57PM +0200, Vincent Chen wrote:
> Hi, > > I am trying to implement an openssl (1.1.1c) engine. However, after the > openssl is initialized by nginx 1.17.2, the engine does not initialized > properly. When I am using 'openssl' command it works file. > > After a bit debugging, I realized that nginx 1.17.2 initialize openssl > with function call 'OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL)'. > However, inside openssl function OPENSSL_init_crypto() (called from > OPENSSL_init_ssl), it needs the following flags to register all openssl > functions: > ``` > > if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN > > | OPENSSL_INIT_ENGINE_OPENSSL > > | OPENSSL_INIT_ENGINE_AFALG)) { > > ENGINE_register_all_complete(); > > } > > ``` > > The easiest way to fix this issue is to initialize openssl with > multiple flags like 'OPENSSL_INIT_LOAD_CONFIG > | OPENSSL_INIT_ENGINE_ALL_BUILTIN'. Will there be a fix in near future > about this issue? Unlikely. To load engines, you can use OpenSSL config, or the "ssl_engine" directive in nginx configuration, see http://nginx.org/r/ssl_engine. -- Maxim Dounin http://mdounin.ru/ _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx