Hi,

I am still (again) working on nCipher HSM integration. I am using the
CVS head version now and am also very happy about the lack of redundant
engine configuration. Thanks Michael!

Now my problem is that I set the ENGINE in the OpenCA::Token::nCipher::new
constructor just like in the sample implementations for Luna and OpenSC:


    my $keys = { @_ };
    $self->{CRYPTO}       = $keys->{OPENCA_CRYPTO};
    $self->{gettext}      = $keys->{GETTEXT};
    $self->{NAME}         = $keys->{OPENCA_TOKEN};
    $self->{MODE}         = $keys->{TOKEN_MODE};
[...]

    $keys->{ENGINE} = "chil -keyform engine";
    $keys->{DEBUG} = 1;

    $self->debug("Engine: " . $keys->{ENGINE});
    $self->{OPENSSL} = OpenCA::OpenSSL->new ( %{$keys} );
[...]

Unfortunately, when a crypto function is called via
OpenCA::Token::nCipher AUTOLOAD, such as genReq(), the OpenSSL
command is issued as if ENGINE was not set at all.
Debugging in OpenCA::OpenSSL revealed that the class attribute is
in fact not present in the responsible function.

If I dump $self->{OPENSSL} in my module's AUTOLOAD method, I can
see that the ENGINE setting is there:

    $VAR1 = bless( {
        'DER_CERT' => '/usr/local/openca-0.9.2/var/crypto/cacerts/cacert.der',
        'ENGINE' => 'chil -keyform engine',
        'gettext' => sub { "DUMMY" },
        'CONFIG' => '/usr/local/openca-0.9.2/etc/openssl/openssl.cnf',
        'binDir' => '/usr/bin',
        'errno' => undef,
        'openssl' => '/usr/local/ssl/bin/openssl',
        'TOKEN_MODE' => 'standby',
        'verify' => '/usr/local/openca-0.9.2/bin/openca-sv verify',
        'wrapper' => '/opt/nfast/bin/with-nfast -M',
        'GETTEXT' => $VAR1->{'gettext'},
    [...]

Any ideas?

BTW: Do OpenCA::Token::* really work? In my opinion, in all modules except
OpenSSL the AUTOLOAD methods are broken, because of:

    my $ret = $self->{OPENSSL}->$AUTOLOAD ( @_ );

$AUTOLOAD expands to the full package name, not only the desired
function. OpenCA::Token::OpenSSL::AUTOLOAD does it right by stripping
the $AUTOLOAD variable using s/.*:://g;


Martin
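
The AUTOLOAD delegation point raised at the end of the message, as an added example that is not part of the original mail or of the OpenCA code base. Demo::Backend, Demo::Token and the $STRIP switch are hypothetical names; the script runs the same forwarding call with and without the s/.*:://g strip.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for the backend object that does the real work.
package Demo::Backend;
sub new    { my ($class, %args) = @_; return bless { %args }, $class }
sub genReq { my $self = shift; return "genReq ran, ENGINE=" . ($self->{ENGINE} // 'unset') }

# Hypothetical token wrapper that forwards unknown methods to the backend.
package Demo::Token;
our $AUTOLOAD;
our $STRIP = 1;    # toggled from main to compare both forms

sub new {
    my ($class, %args) = @_;
    return bless { OPENSSL => Demo::Backend->new(%args) }, $class;
}

sub AUTOLOAD {
    my $self   = shift;
    my $method = $AUTOLOAD;              # fully qualified: "Demo::Token::genReq"
    $method =~ s/.*:://g if $STRIP;      # reduce to the bare name "genReq"
    return if $method =~ /DESTROY$/;     # never forward object destruction

    # With an unstripped name, Perl starts method lookup in Demo::Token,
    # finds no genReq there and re-enters this AUTOLOAD with the backend
    # object as invocant, which has no OPENSSL member to forward to.
    die "no backend object to forward '$method' to\n"
        unless ref $self && $self->{OPENSSL};
    die "backend cannot '$method'\n"
        if $STRIP && !$self->{OPENSSL}->can($method);

    return $self->{OPENSSL}->$method(@_);
}

package main;

my $token = Demo::Token->new(ENGINE => 'chil -keyform engine');

for my $strip (0, 1) {
    $Demo::Token::STRIP = $strip;
    my $out = eval { $token->genReq() } // "failed: $@";
    chomp $out;
    print "strip=$strip: $out\n";
}
```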


