Yes, almost :)

Won't it be better to call ENGINE_init at setup_engine() or at
try_load_engine() instead of at tls_ctx_load_priv_file()? It is just
that tls_ctx_load_priv_file() can be called more than once, while the
init should be called once, right?
Are you sure all works well if the engine is not statically linked?
What about ENGINE_finish() at the proper place?

Thank you for your patience,
Alon Bar-Lev.


On Sun, Jun 17, 2012 at 11:53 PM, Thomas Habets <tho...@habets.se> wrote:
> Hi.
>
> Need? No. I thought you preferred reusing the loaded/inited ENGINE
> struct cached by existing code instead of creating a new one.
>
> Is the attached patch what you had in mind?
>
> (same description/sign-off)
>
> Regards,
> Thomas
>
>
> On 17 June 2012 12:12, Alon Bar-Lev <alon.bar...@gmail.com> wrote:
>> Hi,
>>
>> Why do we need to call crypto_init_lib_engine() twice? Can you please take
>> a look at init_crypto_pre:: init_crypto_pre()?
>>
>> I also think crypto_init_lib_engine() should not return the engine...
>> as won't it be simpler to use ENGINE_by_id() at
>> ssl_openssl.c::tls_ctx_load_priv_file()?
>>
>> Alon.
>>
>> On Sun, Jun 17, 2012 at 1:02 PM, Thomas Habets <tho...@habets.se> wrote:
>>> Hi.
>>>
>>> Ah yes, I first made the patch to an older version where some of these
>>> things don't apply, and then forward-ported it.
>>>
>>> How about this?
>>> ---------
>>> Add support for SSL engine loading the private key.
>>>
>>> Option 'engine' is used to specify the name of the engine that
>>> will load the private key.
>>>
>>> For example this can be "tpm" to use the OpenSSL TPM engine module
>>> (libengine-tpm-openssl in Debian).
>>>
>>> It defaults to the built-in UI methods because openssl-tpm-engine
>>> doesn't yet support user data being sent to the callback functions.
>>> A patch for that is on its way to them.
>>>
>>> Some more details:
>>> http://blog.habets.pp.se/2012/02/TPM-backed-SSL
>>>
>>> Signed-off-by: Thomas Habets <hab...@google.com>
>>>
>>>
>>>
>>> On 17 June 2012 01:11, Alon Bar-Lev <alon.bar...@gmail.com> wrote:
>>>> Hello,
>>>>
>>>> It is a good idea.
>>>> But first, please remove the emacs stuff.
>>>>
>>>> Now, I see that the ENGINE_load_builtin_engines() is already called at
>>>> crypto_openssl.c::crypto_init_lib_engine, is there any need to
>>>> duplicate this?
>>>>
>>>> There is already an "engine" option, available only to polarssl; it can
>>>> easily and correctly be used also for openssl, instead of having
>>>> another option.
>>>>
>>>> What do you think?
>>>> Alon.
>>>>
>>>>
>>>> On Sun, Jun 17, 2012 at 2:50 AM, Thomas Habets <tho...@habets.se> wrote:
>>>>> Patch attached.
>>>>>
>>>>> Add support for SSL engine loading the private key.
>>>>>
>>>>> Added option 'key-engine' specifying the name of the engine that
>>>>> will load the private key.
>>>>>
>>>>> For example this can be "tpm" to use the OpenSSL TPM engine module
>>>>> (libengine-tpm-openssl in Debian).
>>>>>
>>>>> It defaults to the built-in UI methods because openssl-tpm-engine
>>>>> doesn't yet support user data being sent to the callback functions.
>>>>> A patch for that is on its way to them.
>>>>>
>>>>> Some more details:
>>>>> http://blog.habets.pp.se/2012/02/TPM-backed-SSL
>>>>>
>>>>> Signed-off-by: Thomas Habets <hab...@google.com>
>>>>>
>>>>> --
>>>>> typedef struct me_s {
>>>>>  char name[]      = { "Thomas Habets" };
>>>>>  char email[]     = { "tho...@habets.pp.se" };
>>>>>  char kernel[]    = { "Linux" };
>>>>>  char *pgpKey[]   = { "http://www.habets.pp.se/pubkey.txt"; };
>>>>>  char pgp[] = { "A8A3 D1DD 4AE0 8467 7FDE  0945 286A E90A AD48 E854" };
>>>>>  char coolcmd[]   = { "echo '. ./_&. ./_'>_;. ./_" };
>>>>> } me_t;
>>>>>
>>>>> _______________________________________________
>>>>> Openvpn-devel mailing list
>>>>> Openvpn-devel@lists.sourceforge.net
>>>>> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
>>>>>
