Hi, I am currently struggling with setting up OpenSSL 0.9.8 (CVS head) as CA token in OpenCA. (I need 0.9.8 because of the lately added features that allow generation of Domain Controller certificates.)
I've successfully compiled OpenSSL but cannot enable engine support. In particular I'd like to be able to access my nCipher box (CHIL engine) via libhwcrhk.so. I understand that engine semantics have changed from 0.9.7 to 0.9.8, in the new version only "dynamic engine" support is included. Even though the shared libs are available, I cannot access them properly via the command line. See the tests below. Does anybody know how to use engine support in 0.9.8? I did not find anything useful in the docs or in the OpenSSL mailing list archives. Thanks, Martin ---------- Test with 0.9.7g: # /usr/local/bin/openssl genrsa -engine chil 1024 engine "chil" set. Generating RSA private key, 1024 bit long modulus ............................................................++++++ ..................++++++ e is 65537 (0x10001) -----BEGIN RSA PRIVATE KEY----- [...] However, with 0.9.8: # /usr/local/openssl-snap/bin/openssl genrsa -engine chil 1024 invalid engine "chil" 12852:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:162:filename(/usr/local/openssl-snap/lib/engines/libchil.so): /usr/local/openssl-snap/lib/engines/libchil.so: cannot open shared object file: No such file or directory 12852:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244: 12852:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450: 12852:error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:411:id=chil 12852:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:162:filename(libchil.so): libchil.so: cannot open shared object file: No such file or directory 12852:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244: 12852:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450: Generating RSA private key, 1024 bit long modulus ..........................................++++++ ...............++++++ e is 65537 (0x10001) -----BEGIN RSA PRIVATE KEY----- ... ------------------------------------------------------- This SF.Net email is sponsored by: NEC IT Guy Games. Get your fingers limbered up and give it your best shot. 4 great events, 4 opportunities to win big! Highest score wins.NEC IT Guy Games. Play to win an NEC 61 plasma display. Visit http://www.necitguy.com/?r _______________________________________________ OpenCA-Devel mailing list OpenCA-Devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-devel
