dynamic engines in openssl.cnf
HEllo List, I am trying to use a dynamic engine from opensc. This shall load a module of a third party. At the openssl command prompt everything works fine. --snip-- OpenSSL engine dynamic -pre SO_PATH:/usr/lib/opensc/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/local/lib/libetpkcs11.so OpenSSL req -engine pkcs11 -new -key id_45 -keyform engine -out req.der -outform DER -x509 --snip-- This is generating a cert with the key from my eToken. But I'd like to load the engine from the config file, so that I can add the openssl command to a script. --snip-- [ openssl_init ] engines = engine_section [ engine_section ] pkcs11 = pkcs11_engine_section [ pkcs11_engine_section ] init= 1 engine_id = pkcs11 dynamic_path= /usr/lib/opensc/engine_pkcs11.so module_path = /usr/local/lib/libetpkcs11.so --snip-- Any ideas what is wrong? The specific module does not seem to be loaded! I am using openssl-0.9.7f-7.10 on FC4 an opensc 0.10.0. Kind regards Cornelius smime.p7s Description: S/MIME Cryptographic Signature
Re: dynamic engines in openssl.cnf
Cornelius Koelbel wrote: ... But I'd like to load the engine from the config file, so that I can add the openssl command to a script. --snip-- [ openssl_init ] engines = engine_section [ engine_section ] pkcs11 = pkcs11_engine_section [ pkcs11_engine_section ] init= 1 engine_id = pkcs11 dynamic_path= /usr/lib/opensc/engine_pkcs11.so module_path = /usr/local/lib/libetpkcs11.so --snip-- Any ideas what is wrong? The specific module does not seem to be loaded! did you set openssl_conf = openssl_init in the conf ? Nils __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: dynamic engines in openssl.cnf
Hi, Here is something working fine in 0.9.7x but failing in 0.9.8 (as far as i have tested it). My engine name is zencod as you could see. openssl_conf = openssl_init [ openssl_init ] # Extra OBJECT IDENTIFIER info: #oid_file = $ENV::HOME/.oid oid_section = new_oids engines = engine_section # Load 'zencod' ENGINE [ engine_section ] zencod = zencod_section [ zencod_section ] # classic 'dynamic' ENGINE ctrl commands dynamic_path = /usr/local/ossl-0.9.7h/lib/engines/libzencod-0.9.7.so engine_id = zencod # 'zencod' specific one ALGO = SYM Just put thing like that at the beginning of you openssl.cnf file. PS: the ALGO is one of our specific command. ;) Hope it could help. Fred -Original Message- From: Nils Larsch [mailto:[EMAIL PROTECTED] Sent: Mon 11/14/2005 8:23 PM To: openssl-users@openssl.org Cc: Subject:Re: dynamic engines in openssl.cnf Cornelius Koelbel wrote: ... But I'd like to load the engine from the config file, so that I can add the openssl command to a script. --snip-- [ openssl_init ] engines = engine_section [ engine_section ] pkcs11 = pkcs11_engine_section [ pkcs11_engine_section ] init= 1 engine_id = pkcs11 dynamic_path= /usr/lib/opensc/engine_pkcs11.so module_path = /usr/local/lib/libetpkcs11.so --snip-- Any ideas what is wrong? The specific module does not seem to be loaded! did you set openssl_conf = openssl_init in the conf ? Nils __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]