Yes, I am using the right format as in the document. If I do not, there will be error logs.
 

```
ssl_certificate  <full path to my certificate file>;
ssl_certificate_key  engine:<my engine id>:<full path to my key file>;
```

I also see my binder function is called by openssl. However, my crypto functions inside engine shared library never get called.
 
As soon as I change the openssl initialization to force OPENSSL_init_crypto() to call ENGINE_register_all_complete(), everything works as expected.
 
BTW, if I use the builtin openssl command 'openssl s_server' to launch a simple webserver, it works fine. Inside the command it uses the flags 'OPENSSL_INIT_ENGINE_ALL_BUILTIN | OPENSSL_INIT_LOAD_CONFIG' to call OPENSSL_init_ssl().

 
Vincent Chen
 
Sent: Monday, August 19, 2019 at 6:32 PM
From: "Maxim Dounin" <mdou...@mdounin.ru>
To: nginx@nginx.org
Subject: Re: openssl engine is not initialized properly
Hello!

On Mon, Aug 19, 2019 at 07:35:57PM +0200, Vincent Chen wrote:

> Hi,
>
> I am trying to implement an openssl (1.1.1c) engine. However, after
> openssl is initialized by nginx 1.17.2, the engine is not initialized
> properly. When I am using the 'openssl' command it works fine.
>
> After a bit of debugging, I realized that nginx 1.17.2 initializes openssl
> with the function call 'OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL)'.
> However, inside openssl function OPENSSL_init_crypto() (called from
> OPENSSL_init_ssl), it needs the following flags to register all openssl
> functions:
> ```
> if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN
>             | OPENSSL_INIT_ENGINE_OPENSSL
>             | OPENSSL_INIT_ENGINE_AFALG)) {
>     ENGINE_register_all_complete();
> }
> ```
>
> The easiest way to fix this issue is to initialize openssl with
> multiple flags like 'OPENSSL_INIT_LOAD_CONFIG
> | OPENSSL_INIT_ENGINE_ALL_BUILTIN'. Will there be a fix in near future
> about this issue?

Unlikely. To load engines, you can use OpenSSL config, or the
"ssl_engine" directive in nginx configuration, see
http://nginx.org/r/ssl_engine.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
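
Added example, not part of the original messages: a minimal OpenSSL configuration of the kind the reply points to, which loads a dynamic engine and makes it the default for its algorithms when the application initializes OpenSSL with only `OPENSSL_INIT_LOAD_CONFIG`. The engine id `myengine`, the section names and the library path are placeholders chosen for illustration.

```ini
# openssl.cnf: the file OpenSSL reads when OPENSSL_INIT_LOAD_CONFIG is set.
# This first line must appear before any [section] header.
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
# The left-hand name is arbitrary; it only points at the section below.
myengine = myengine_section

[myengine_section]
# Placeholder id and path: replace with the engine's real id and shared library.
engine_id = myengine
dynamic_path = /path/to/libmyengine.so
# Use this engine as the default implementation for every algorithm it provides.
default_algorithms = ALL
# Initialize the engine as soon as the configuration is loaded.
init = 1

# Alternative named in the reply, set in nginx.conf (main context) instead:
#   ssl_engine myengine;
```

If the file is not at OpenSSL's default location, the `OPENSSL_CONF` environment variable can point the process at it.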