It's so nice that someone provided pkcs11 enginge patch. Thanks a lot, Afchine Madjlessi...
However I have one problem while compling openssl 0.9.7 beta5 with this patch on Windows 2000. I just followed the instructions described in "intall.w32" from openssl 0.9.7 beta5: 1. perl Configure VC-WIN32 => OK 2. ms\do_ms => WARNING D:\Program\OCSP\OpenSSL\openssl-0.9.7-beta5>perl util\mkdef.pl 16 libeay 1>ms\l ibeay16.def Warning: ENGINE_load_pkcs11 does not have a number assigned D:\Program\OCSP\OpenSSL\openssl-0.9.7-beta5>perl util\mkdef.pl 32 libeay 1>ms\l ibeay32.def Warning: ENGINE_load_pkcs11 does not have a number assigned 3. nmake -f ms\ntdll.mak => ERROR NMAKE : fatal error U1073: don't know how to make '.\crypto\engine\hw_pkcs11.c' Stop. Then I move all the source codes from \crypto\engine\pkcs11 to \crypto\engine\, and execute nmake -f ms\ntdll.mak again.But it still didn't work. cl /Fotmp32dll\hw_pkcs11.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 - DWIN32_LEAN_AND_MEAN -DL_END IAN -DDSO_WIN32 -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32dll - DOPENSSL _NO_KRB5 -D_WINDLL -DOPENSSL_BUILD_SHLIBCRYPTO - c .\crypto\engine\hw_pkcs11.c hw_pkcs11.c .\crypto\engine\hw_pkcs11.c(13) : fatal error C1083: Cannot open include file: ' unistd.h': No such file or directory NMAKE : fatal error U1077: 'cl' : return code '0x2' Stop. Could anyone fix this problem? Thanks very much... [guest - Fri Dec 13 15:23:00 2002]: > Here you have the patch for pkcs11 engine for openssl 0.9.7 beta5 > This engine has been tested with apache 1.3.27 mod_ssl 2.8.12 and the > CC2000 Bull TrustWay hardware. If needed, I can provide also the patch > to use with mod_ssl and some tools to create and sign certificate > requests. > In this new release of the pkcs#11 engine, I have added just the > rsa_generate_key in the RSA_METHOD. This call permit to generate and > put the private key in the crypto hardware. load_private_key and > load_public_key engine calls are also added to this engine. > All the PKCS#11 function calls are done through C_GetFunctionList. So > the engine could be used with different pkcs#11 and token libraries. > There is also a possibility to use a remote crypto box. > > Afchine Madjlessi > ______________________________________ > [EMAIL PROTECTED] > Bull TrustWay R&D > http://www.servers.bull.com/trustway > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
