Re: [PATCH] SSL: Add ENGINE_init() calls before using engines.

2018-05-18 Thread Anderson Sasaki
Hello, > The patch looks correct to me. Though it causes segmentation > faults within pkcs11 engine when using such loaded keys at least > on Ubuntu 18.04 (OpenSSL 1.1.0g, pkcs11 engine from libp11 0.4.7). > Segmentation faults can be reproduced with the test you've sent > earlier. > > Using

Re: [PATCH] SSL: Add ENGINE_init() calls before using engines.

2018-05-10 Thread Anderson Sasaki
Hello, Thanks again for the feedback. > In no particular order: > > - Should be "SSL: added ..." (no capital letter after a semicolon, > prefer past tense). > > - An empty line after the summary. > > - Please prefer double spacing. > > - "uniNItialized" The proposed changes were applied

[PATCH] SSL: Set engine passed in ssl_certificate_key as default

2018-04-30 Thread Anderson Sasaki
Hello, Following there are two patches, one adding the call to set the engine as default for all methods and the other restricting the engine to be the default only for PKEY methods. For me it makes sense to have the engine as default only for PKEY methods. Best Regards, Anderson # HG changeset

Re: [PATCH] SSL: Add ENGINE_init() calls before using engines.

2018-04-27 Thread Anderson Sasaki
Hello, > > > In my opinion it would be better to have nginx working with engines in > > > both scenarios. > > > And it is not a problem to call ENGINE_init() from multiple places, since > > > the API takes care of this case. > > > > I'll check these statements in your next patch, but for now it > >

Re: [PATCH] SSL: Add ENGINE_init() calls before using engines.

2018-04-26 Thread Anderson Sasaki
Hello, Thank you for your feedback. > > # HG changeset patch > > # User Anderson Toshiyuki Sasaki > > # Date 1524670310 -7200 > > # Wed Apr 25 17:31:50 2018 +0200 > > # Node ID f916a804d526c1acb493c7c4e5c114d947e0eed1 > > # Parent

Re: [PATCH] SSL: Add ENGINE_init() calls before using engines.

2018-04-26 Thread Anderson Sasaki
Hello, > The original patch was tested on the same setup: > http://mailman.nginx.org/pipermail/nginx-devel/2014-October/006151.html > > Do you insist that it does not work in the current state? Yes, the problem is that the automatic initialization only takes place for the default engines, which

Re: [PATCH] SSL: Add ENGINE_init() calls before using engines.

2018-04-25 Thread Anderson Sasaki
Hello, > Typically engines initialize themselves in bind(), if not, they are > initialized by openssl.cnf ("default_algorithms"), why use "init = 0" in > your openssl config and rely this openssl engine stuff to nginx? Following the OpenSSL documentation, the application is responsible for

Re: [PATCH] SSL: Add ENGINE_init() calls before using engines.

2018-04-25 Thread Anderson Sasaki
Hello, Following there is a test using the engine_pkcs11 [0] and softhsm [1]. The key is referenced in the device using PKCS#11 URI [2]. The test was based on an existing test, ssl_engine_keys.t [0] https://github.com/OpenSC/libp11 [1] https://github.com/opendnssec/SoftHSMv2 [2]

[PATCH] SSL: Add ENGINE_init() calls before using engines.

2018-04-25 Thread Anderson Sasaki
# HG changeset patch # User Anderson Toshiyuki Sasaki # Date 1524670310 -7200 # Wed Apr 25 17:31:50 2018 +0200 # Node ID f916a804d526c1acb493c7c4e5c114d947e0eed1 # Parent 46c0c7ef4913011f3f1e073f9ac880b07b1a8154 SSL: Add ENGINE_init() calls before using engines. It is