Re: [PATCH] SSL: Add ENGINE_init() calls before using engines.

Hello! On Fri, May 18, 2018 at 04:36:53AM -0400, Anderson Sasaki wrote: > Hello, > > > The patch looks correct to me. Though it causes a segmentation > > faults within pkcs11 engine when using such loaded keys at least > > on Ubuntu 18.04 (OpenSSL 1.1.0g, pkcs11 engine from libp11 0.4.7). > >

Re: [PATCH] SSL: Add ENGINE_init() calls before using engines.

Hello, > The patch looks correct to me. Though it causes a segmentation > faults within pkcs11 engine when using such loaded keys at least > on Ubuntu 18.04 (OpenSSL 1.1.0g, pkcs11 engine from libp11 0.4.7). > Segmentation faults can be reproduced with the test you've sent > earlier. > > Using

Re: [PATCH] SSL: Add ENGINE_init() calls before using engines.

Hello! On Thu, May 10, 2018 at 12:42:58PM -0400, Anderson Sasaki wrote: > Hello, > > Thanks again for the feedback. > > > In no particular order: > > > > - Should be "SSL: added ..." (no capital letter after a semicolon, > > prefer past tense). > > > > - An empty line after the summary. >

Re: [PATCH] SSL: Add ENGINE_init() calls before using engines.

Hello, Thanks again for the feedback. > In no particular order: > > - Should be "SSL: added ..." (no capital letter after a semicolon, > prefer past tense). > > - An empty line after the summary. > > - Please prefer double spacing. > > - "uniNItialized" The proposed changes were applied

Re: [PATCH] SSL: Add ENGINE_init() calls before using engines.

Hello! On Fri, Apr 27, 2018 at 11:27:57AM -0400, Anderson Sasaki wrote: > Hello, > > > > > In my opinion it would be better to have nginx working with engines in > > > > both scenarios. > > > > And is not a problem to call ENGINE_init() from multiple places, since > > > > the API takes care of

Re: [PATCH] SSL: Add ENGINE_init() calls before using engines.

Hello, > > > In my opinion it would be better to have nginx working with engines in > > > both scenarios. > > > And is not a problem to call ENGINE_init() from multiple places, since > > > the API takes care of this case. > > > > I'll check these statements in your next patch, but for now it > >

Re: [PATCH] SSL: Add ENGINE_init() calls before using engines.

Hello! On Thu, Apr 26, 2018 at 07:31:37PM +, Пичулин Дмитрий Николаевич wrote: > > In my opinion it would be better to have nginx working with engines in both > > scenarios. > > And is not a problem to call ENGINE_init() from multiple places, since the > > API takes care of this case. > >

Re: [PATCH] SSL: Add ENGINE_init() calls before using engines.

> In my opinion it would be better to have nginx working with engines in both > scenarios. > And is not a problem to call ENGINE_init() from multiple places, since the > API takes care of this case. I'll check these statements in your next patch, but for now it seems an odd functionality to

Re: [PATCH] SSL: Add ENGINE_init() calls before using engines.

Hello, Thank you for your feedback. > > # HG changeset patch > > # User Anderson Toshiyuki Sasaki > > # Date 1524670310 -7200 > > # Wed Apr 25 17:31:50 2018 +0200 > > # Node ID f916a804d526c1acb493c7c4e5c114d947e0eed1 > > # Parent

Re: [PATCH] SSL: Add ENGINE_init() calls before using engines.

Hello, > The original patch was tested on the same setup: > http://mailman.nginx.org/pipermail/nginx-devel/2014-October/006151.html > > Do you insist that it does not work in the current state? Yes, the problem is that the automatic initialization only take place for the default engines, which

Re: [PATCH] SSL: Add ENGINE_init() calls before using engines.

Hello! On Wed, Apr 25, 2018 at 11:52:45AM -0400, Anderson Sasaki wrote: > # HG changeset patch > # User Anderson Toshiyuki Sasaki > # Date 1524670310 -7200 > # Wed Apr 25 17:31:50 2018 +0200 > # Node ID f916a804d526c1acb493c7c4e5c114d947e0eed1 > # Parent

Re: [PATCH] SSL: Add ENGINE_init() calls before using engines.

The original patch was tested on the same setup: http://mailman.nginx.org/pipermail/nginx-devel/2014-October/006151.html Do you insist that it does not work in the current state? ___ nginx-devel mailing list nginx-devel@nginx.org

Re: [PATCH] SSL: Add ENGINE_init() calls before using engines.

Hello, > Typically engines initialize themselves in bind(), if not, they are > initialized by openssl.cnf ("default_algorithms"), why use "init = 0" in > your openssl config and rely this openssl engine stuff to nginx? Following the OpenSSL documentation, the application is responsible for

Re: [PATCH] SSL: Add ENGINE_init() calls before using engines.

Typically engines initialize themselves in bind(), if not, they are initialized by openssl.cnf ("default_algorithms"), why use "init = 0" in your openssl config and rely this openssl engine stuff to nginx? ___ nginx-devel mailing list

Re: [PATCH] SSL: Add ENGINE_init() calls before using engines.

Hello, Following there is a test using the engine_pkcs11 [0] and softhsm [1]. The key is referenced in the device using PKCS#11 URI [2]. The test was based on an existing test, ssl_engine_keys.t [0] https://github.com/OpenSC/libp11 [1] https://github.com/opendnssec/SoftHSMv2 [2]

[PATCH] SSL: Add ENGINE_init() calls before using engines.

# HG changeset patch # User Anderson Toshiyuki Sasaki # Date 1524670310 -7200 # Wed Apr 25 17:31:50 2018 +0200 # Node ID f916a804d526c1acb493c7c4e5c114d947e0eed1 # Parent 46c0c7ef4913011f3f1e073f9ac880b07b1a8154 SSL: Add ENGINE_init() calls before using engines. It is