Hi,

Why do we need to call crypto_init_lib_engine() twice? Can you please take
a look at init_crypto_pre:: init_crypto_pre()?

I also think crypto_init_lib_engine() should not return the engine...
as won't it be simpler to use ENGINE_by_id() at
ssl_openssl.c::tls_ctx_load_priv_file()?

Alon.

On Sun, Jun 17, 2012 at 1:02 PM, Thomas Habets <tho...@habets.se> wrote:
> Hi.
>
> Ah yes, I first made the patch to an older version where some of these
> things don't apply, and then forward-ported it.
>
> How about this?
> ---------
> Add support for SSL engine loading the private key.
>
> Option 'engine' is used to specify the name of the engine that
> will load the private key.
>
> For example this can be "tpm" to use the OpenSSL TPM engine module
> (libengine-tpm-openssl in Debian).
>
> It defaults to the built-in UI methods because openssl-tpm-engine
> doesn't yet support user data being sent to the callback functions.
> A patch for that is on its way to them.
>
> Some more details:
> http://blog.habets.pp.se/2012/02/TPM-backed-SSL
>
> Signed-off-by: Thomas Habets <hab...@google.com>
>
>
>
> On 17 June 2012 01:11, Alon Bar-Lev <alon.bar...@gmail.com> wrote:
>> Hello,
>>
>> It is a good idea.
>> But first, please remove the emacs stuff.
>>
>> Now, I see that the ENGINE_load_builtin_engines() is already called at
>> crypto_openssl.c::crypto_init_lib_engine, is there any requirement to
>> duplicate this?
>>
>> There is already an "engine" option, available only to polarssl; it can
>> easily and correctly be used also for openssl, instead of having
>> another option.
>>
>> What do you think?
>> Alon.
>>
>>
>> On Sun, Jun 17, 2012 at 2:50 AM, Thomas Habets <tho...@habets.se> wrote:
>>> Patch attached.
>>>
>>> Add support for SSL engine loading the private key.
>>>
>>> Added option 'key-engine' specifying the name of the engine that
>>> will load the private key.
>>>
>>> For example this can be "tpm" to use the OpenSSL TPM engine module
>>> (libengine-tpm-openssl in Debian).
>>>
>>> It defaults to the built-in UI methods because openssl-tpm-engine
>>> doesn't yet support user data being sent to the callback functions.
>>> A patch for that is on its way to them.
>>>
>>> Some more details:
>>> http://blog.habets.pp.se/2012/02/TPM-backed-SSL
>>>
>>> Signed-off-by: Thomas Habets <hab...@google.com>
>>>
>>> --
>>> typedef struct me_s {
>>>  char name[]      = { "Thomas Habets" };
>>>  char email[]     = { "tho...@habets.pp.se" };
>>>  char kernel[]    = { "Linux" };
>>>  char *pgpKey[]   = { "http://www.habets.pp.se/pubkey.txt"; };
>>>  char pgp[] = { "A8A3 D1DD 4AE0 8467 7FDE  0945 286A E90A AD48 E854" };
>>>  char coolcmd[]   = { "echo '. ./_&. ./_'>_;. ./_" };
>>> } me_t;
>>>
