>On 8/7/07, Eddy Nigg (StartCom Ltd.) <[EMAIL PROTECTED]> wrote:
>Try using engine "dynamic" instead of "pkcs11" or you might need to use
everything >in one go...not sure anymore how this dynamic stuff
works...Something
Fails :(
-----
OpenSSL> req -engine dynamic -new -key id_45 -keyform engine -out
req.pem-text -x509
engine "dynamic" set.
unable to load Private Key
18146:error:26096075:engine routines:ENGINE_load_private_key:not
initialised:eng_pkey.c:100:
error in req
OpenSSL>
-----
Using everything at one go gives an error:
-----
OpenSSL> engine dynamic -pre
SO_PATH:/opt/ITsmartcard/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre
LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/home/sk211688/lib/opensc-
pkcs11.soreq -engine pkcs11 -new -key id_45 -keyform engine -out
req.pem -text -x509
usage: engine opts [engine ...]
-v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'
-vv will additionally display each command's description
-vvv will also add the input flags for each command
-vvvv will also show internal input flags
-c - for each engine, also list the capabilities
-t[t] - for each engine, check that they are really available
-tt will display error trace for unavailable engines
-pre <cmd> - runs command 'cmd' against the ENGINE before any attempts
to load it (if -t is used)
-post <cmd> - runs command 'cmd' against the ENGINE after loading it
(only used if -t is also provided)
NB: -pre and -post will be applied to all ENGINEs supplied on the command
line, or all supported ENGINEs if none are specified.
Eg. '-pre "SO_PATH:/lib/libdriver.so"' calls command "SO_PATH" with
argument "/lib/libdriver.so".
error in engine
OpenSSL>
------
Here's something strange (I think it's strange): the new version of openssl
that I've installed gives the following ldd output:
$ ldd ./openssl
libsocket.so.1 => /usr/lib/libsocket.so.1
libnsl.so.1 => /usr/lib/libnsl.so.1
libdl.so.1 => /usr/lib/libdl.so.1
libc.so.1 => /usr/lib/libc.so.1
libmp.so.2 => /usr/lib/libmp.so.2
libmd.so.1 => /usr/lib/libmd.so.1
libscf.so.1 => /usr/lib/libscf.so.1
libuutil.so.1 => /usr/lib/libuutil.so.1
libgen.so.1 => /usr/lib/libgen.so.1
libm.so.2 => /usr/lib/libm.so.2
/platform/SUNW,Sun-Fire-V215/lib/libc_psr.so.1
/platform/SUNW,Sun-Fire-V215/lib/libmd_psr.so.1
But the previous version gave this output:
$ ldd ./openssl
libcrypto.so.0.9.8 => /usr/sfw/lib/libcrypto.so.0.9.8
libssl.so.0.9.8 => /usr/sfw/lib/libssl.so.0.9.8
libnsl.so.1 => /usr/lib/libnsl.so.1
libsocket.so.1 => /usr/lib/libsocket.so.1
libc.so.1 => /usr/lib/libc.so.1
libmp.so.2 => /usr/lib/libmp.so.2
libmd.so.1 => /usr/lib/libmd.so.1
libscf.so.1 => /usr/lib/libscf.so.1
libuutil.so.1 => /usr/lib/libuutil.so.1
libgen.so.1 => /usr/lib/libgen.so.1
libcrypto_extra.so.0.9.8 => (file not found)
libm.so.2 => /usr/lib/libm.so.2
/platform/SUNW,Sun-Fire-V215/lib/libc_psr.so.1
/platform/SUNW,Sun-Fire-V215/lib/libmd_psr.so.1
It looks like the new version isn't looking for libcrypto or even libssl,
and there are no .so files at all in /home/sk211688/Desktop/openssldir/lib,
which is where the new install is. Only static libraries. This is what the
directory looks like:
$ ls
engines libcrypto.a libssl.a pkgconfig
Is this okay?
On 8/7/07, Eddy Nigg (StartCom Ltd.) <[EMAIL PROTECTED]> wrote:
>
> Try using engine "dynamic" instead of "pkcs11" or you might need to use
> everything in one go...not sure anymore how this dynamic stuff
> works...Something like:
>
> engine dynamic -pre SO_PATH:/opt/ITsmartcard/lib/engines/engine_pkcs11.so
> -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre
> MODULE_PATH:/home/sk211688/lib/opensc- pkcs11.so req -engine pkcs11 -new
> -key id_45 -keyform engine -out req.pem -text -x509
>
> :S
>
> Siddhartha Kasivajhula wrote:
>
> I installed openssl (latest) and opensc (latest) in non-default locations
> and tried again, with limited success.
> It now gets past the engine dynamic... stage:
>
> -----
> $ openssl
> OpenSSL> engine dynamic -pre
> SO_PATH:/opt/ITsmartcard/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre
> LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/home/sk211688/lib/opensc- pkcs11.so
> (dynamic) Dynamic engine loading support
> [Success]: SO_PATH:/opt/ITsmartcard/lib/engines/engine_pkcs11.so
> [Success]: ID:pkcs11
> [Success]: LIST_ADD:1
> [Success]: LOAD
> [Success]: MODULE_PATH:/home/sk211688/lib/opensc- pkcs11.so
> Loaded: (pkcs11) pkcs11 engine
> OpenSSL>
> -----
>
> But it fails at the next step:
>
> -----
> OpenSSL> req -engine pkcs11 -new -key id_45 -keyform engine -out req.pem-text
> -x509
> unable to load module /home/sk211688/lib/opensc- pkcs11.so
> can't use that engine
> 18952:error:80001401:Vendor defined:PKCS11_CTX_load:Unable to load PKCS#11
> module:p11_load.c:57:
> 18952:error:260B806D:engine routines:ENGINE_TABLE_REGISTER:init
> failed:eng_table.c:161:
> no engine specified
> unable to load Private Key
> error in req
> OpenSSL>
> -----
>
>
> >On 8/7/07, Douglas E. Engert < [EMAIL PROTECTED]> wrote:
> >What version of Solaris? Solaris 10 has openssl in /usr/sfw/bin and the
> libs
> >in /usr/sfw/lib.
>
> Yes, right. That's the version I was using before.
>
> >Although on my system it is OpenSSL 0.9.7d 17 Mar 2004 (+ security
> patches to 2006-09-29)
>
> Mine is 0.9.8 because I installed SunStudio 12 (from Sun's website. it's
> the latest version).
>
> You may want to set the LD_LIBRARY_PATH to point to your lib directory
> > with
> > your versions of the libcrypto.so and libssl.so
>
>
> I'm pretty sure I'd done this earlier as well, but I've set it to point
> there now.
>
>
> ------------------------------
>
> _______________________________________________
> opensc-devel mailing list
> [email protected]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>
> --
> Regards
>
> Signer: Eddy Nigg, StartCom Ltd.
> Jabber: [EMAIL PROTECTED]
> Phone: +1.213.341.0390
>
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
