Re: [opensc-devel] Fwd: engine-pkcs11 incompatible version?

Tue, 07 Aug 2007 19:13:48 -0700

Well, this looks much better now. But is there a key on that token? How about -key 0:45 or simply -key 45 ?? 

Siddhartha Kasivajhula wrote:
>On 8/7/07, *Eddy Nigg (StartCom Ltd.)* <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote: >Try using engine "dynamic" instead of "pkcs11" or you might need to use everything >in one go...not sure anymore how this dynamic stuff works...Something 

Fails :(

-----

OpenSSL> req -engine dynamic -new -key id_45 -keyform engine -out 
req.pem -text -x509

engine "dynamic" set.
unable to load Private Key

18146:error:26096075:engine routines:ENGINE_load_private_key:not 
initialised:eng_pkey.c:100:

error in req
OpenSSL>
-----

Using everything at one go gives an error:

-----

OpenSSL> engine dynamic -pre 
SO_PATH:/opt/ITsmartcard/lib/engines/engine_pkcs11.so -pre ID:pkcs11 
-pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/home/sk211688/lib/opensc- 
pkcs11.so req -engine pkcs11 -new -key id_45 -keyform engine -out 
req.pem -text -x509

usage: engine opts [engine ...]
 -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'
               -vv will additionally display each command's description
               -vvv will also add the input flags for each command
               -vvvv will also show internal input flags
 -c          - for each engine, also list the capabilities
 -t[t]       - for each engine, check that they are really available
               -tt will display error trace for unavailable engines
 -pre <cmd>  - runs command 'cmd' against the ENGINE before any attempts
               to load it (if -t is used)
 -post <cmd> - runs command 'cmd' against the ENGINE after loading it
               (only used if -t is also provided)
 NB: -pre and -post will be applied to all ENGINEs supplied on the command
 line, or all supported ENGINEs if none are specified.
 Eg. '-pre "SO_PATH:/lib/libdriver.so"' calls command "SO_PATH" with
 argument "/lib/libdriver.so".
error in engine
OpenSSL>

------



Here's something strange (I think it's strange): the new version of 
openssl that I've installed gives the following ldd output:


$ ldd ./openssl
        libsocket.so.1 =>        /usr/lib/libsocket.so.1
        libnsl.so.1 =>   /usr/lib/libnsl.so.1
        libdl.so.1 =>    /usr/lib/libdl.so.1
        libc.so.1 =>     /usr/lib/libc.so.1
        libmp.so.2 =>    /usr/lib/libmp.so.2
        libmd.so.1 =>    /usr/lib/libmd.so.1
        libscf.so.1 =>   /usr/lib/libscf.so.1
        libuutil.so.1 =>         /usr/lib/libuutil.so.1
        libgen.so.1 =>   /usr/lib/libgen.so.1
        libm.so.2 =>     /usr/lib/libm.so.2
        /platform/SUNW,Sun-Fire-V215/lib/libc_psr.so.1
        /platform/SUNW,Sun-Fire-V215/lib/libmd_psr.so.1

But the previous version gave this output:

$ ldd ./openssl
        libcrypto.so.0.9.8 =>    /usr/sfw/lib/libcrypto.so.0.9.8
        libssl.so.0.9.8 =>       /usr/sfw/lib/libssl.so.0.9.8
        libnsl.so.1 =>   /usr/lib/libnsl.so.1
        libsocket.so.1 =>        /usr/lib/libsocket.so.1
        libc.so.1 =>     /usr/lib/libc.so.1
        libmp.so.2 =>    /usr/lib/libmp.so.2
        libmd.so.1 =>    /usr/lib/libmd.so.1
        libscf.so.1 =>   /usr/lib/libscf.so.1
        libuutil.so.1 =>         /usr/lib/libuutil.so.1
        libgen.so.1 =>   /usr/lib/libgen.so.1
        libcrypto_extra.so.0.9.8 =>      (file not found)
        libm.so.2 =>     /usr/lib/libm.so.2
        /platform/SUNW,Sun-Fire-V215/lib/libc_psr.so.1
        /platform/SUNW,Sun-Fire-V215/lib/libmd_psr.so.1



It looks like the new version isn't looking for libcrypto or even 
libssl, and there are no .so files at all in 
/home/sk211688/Desktop/openssldir/lib, which is where the new install 
is. Only static libraries. This is what the directory looks like:


$ ls
engines      libcrypto.a  libssl.a     pkgconfig


Is this okay?





On 8/7/07, *Eddy Nigg (StartCom Ltd.)* <[EMAIL PROTECTED] 
<mailto:[EMAIL PROTECTED]>> wrote:


    Try using engine "dynamic" instead of "pkcs11" or you might need
    to use everything in one go...not sure anymore how this dynamic
    stuff works...Something like:

    engine dynamic -pre
    SO_PATH:/opt/ITsmartcard/lib/engines/engine_pkcs11.so -pre
    ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre
    MODULE_PATH:/home/sk211688/lib/opensc- pkcs11.so req -engine
    pkcs11 -new -key id_45 -keyform engine -out req.pem -text -x509

    :S

    Siddhartha Kasivajhula wrote:

    I installed openssl (latest) and opensc (latest) in non-default
    locations and tried again, with limited success.
    It now gets past the engine dynamic... stage:

    -----
    $ openssl
    OpenSSL> engine dynamic -pre
    SO_PATH:/opt/ITsmartcard/lib/engines/engine_pkcs11.so -pre
    ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre
    MODULE_PATH:/home/sk211688/lib/opensc- pkcs11.so
    (dynamic) Dynamic engine loading support
    [Success]: SO_PATH:/opt/ITsmartcard/lib/engines/engine_pkcs11.so
    [Success]: ID:pkcs11
    [Success]: LIST_ADD:1
    [Success]: LOAD
    [Success]: MODULE_PATH:/home/sk211688/lib/opensc- pkcs11.so
    Loaded: (pkcs11) pkcs11 engine
    OpenSSL>
    -----

    But it fails at the next step:

    -----
    OpenSSL> req -engine pkcs11 -new -key id_45 -keyform engine -out
    req.pem -text -x509
    unable to load module /home/sk211688/lib/opensc- pkcs11.so
    can't use that engine
    18952:error:80001401:Vendor defined:PKCS11_CTX_load:Unable to
    load PKCS#11 module:p11_load.c:57:
    18952:error:260B806D:engine routines:ENGINE_TABLE_REGISTER:init
    failed:eng_table.c:161:
    no engine specified
    unable to load Private Key
    error in req
    OpenSSL>
    -----


    >On 8/7/07, *Douglas E. Engert* < [EMAIL PROTECTED]
    <mailto:[EMAIL PROTECTED]>> wrote:
    >What version of Solaris? Solaris 10 has openssl in /usr/sfw/bin
    and the libs
    >in /usr/sfw/lib.

    Yes, right. That's the version I was using before.

    >Although on my system it is OpenSSL 0.9.7d 17 Mar 2004 (+
    security patches to 2006-09-29)

    Mine is 0.9.8 because I installed SunStudio 12 (from Sun's
    website. it's the latest version).

        You may want to set the LD_LIBRARY_PATH to point to your lib
        directory with
        your versions of the libcrypto.so and  libssl.so


    I'm pretty sure I'd done this earlier as well, but I've set it to
    point there now.


    ------------------------------------------------------------------------

    _______________________________________________
    opensc-devel mailing list

    opensc-devel@lists.opensc-project.org 
<mailto:opensc-devel@lists.opensc-project.org>
    http://www.opensc-project.org/mailman/listinfo/opensc-devel
     <http://www.opensc-project.org/mailman/listinfo/opensc-devel>



    -- 
    Regards
     
    Signer:      Eddy Nigg, StartCom Ltd.

    Jabber:      [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
    Phone:       +1.213.341.0390


------------------------------------------------------------------------

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel


--
Regards

Signer:      Eddy Nigg, StartCom Ltd.
Jabber:      [EMAIL PROTECTED]
Phone:       +1.213.341.0390

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel




























					Reply via email to