Problem with engine_pkcs11

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Problem with engine_pkcs11

Bram Cymet
I sent this to the openssl mail list but I think it would be appropriate to send it here as well.

I am trying to use engine_pkcs11 and I am running into some problems.

Then I go to use the engine I get:

openssl (lock_dbg_cb): already locked (mode=9, type=30) at eng_list.c:284
Auto configuration failed
23985:error:26078067:engine routines:ENGINE_LIST_ADD:conflicting engine 
id:eng_list.c:116:
23985:error:2606906E:engine routines:ENGINE_add:internal list 
error:eng_list.c:288:
23985:error:260B6067:engine routines:DYNAMIC_LOAD:conflicting engine 
id:eng_dyn.c:540:
23985:error:0E07606D:configuration file routines:MODULE_RUN:module 
initialization error:conf_mod.c:235:module=engines, 
value=engine_section, retcode=-1
Any idea why this would be happening?

See below for more info.

Thanks,

Bram Cymet

-------- Original Message --------
Subject: Re: Config file being ignored
Date: Tue, 09 Nov 2010 17:36:27 -0500
From: Bram Cymet [hidden email]
Reply-To: [hidden email]
To: [hidden email]


 Ok I am getting closer.

I can get the engine to load now with this (better) config file

openssl_conf       = openssl_def
[openssl_def]
engines = engine_section

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
dynamic_path = /usr/local/lib/engines/engine_pkcs11.so
MODULE_PATH = /usr/lib64/opensc-pkcs11.so
init = 0

but when I got to use the engine I get:
openssl (lock_dbg_cb): already locked (mode=9, type=30) at eng_list.c:284
Auto configuration failed
23985:error:26078067:engine routines:ENGINE_LIST_ADD:conflicting engine 
id:eng_list.c:116:
23985:error:2606906E:engine routines:ENGINE_add:internal list 
error:eng_list.c:288:
23985:error:260B6067:engine routines:DYNAMIC_LOAD:conflicting engine 
id:eng_dyn.c:540:
23985:error:0E07606D:configuration file routines:MODULE_RUN:module 
initialization error:conf_mod.c:235:module=engines, 
value=engine_section, retcode=-1

any idea why that would be happening?


On 11/09/2010 05:28 PM, Bram Cymet wrote:
>  Here is an example of what happens if I run it from the command line 
> interface:
>
> openssl
> OpenSSL> engine dynamic -pre 
> SO_PATH:/usr/local/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre 
> LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib64/opensc-pkcs11.so
> (dynamic) Dynamic engine loading support
> [Success]: SO_PATH:/usr/local/lib/engines/engine_pkcs11.so
> [Success]: ID:pkcs11
> [Success]: LIST_ADD:1
> [Success]: LOAD
> [Success]: MODULE_PATH:/usr/lib64/opensc-pkcs11.so
> Loaded: (pkcs11) pkcs11 engine
> OpenSSL> engine
> (dynamic) Dynamic engine loading support
> (pkcs11) pkcs11 engine
>
>
> But if I try it with the given config file:
>
> openssl
> OpenSSL> engine
> Error configuring OpenSSL
> 139855973107368:error:25066067:DSO support routines:DLFCN_LOAD:could 
> not load the shared 
> library:dso_dlfcn.c:185:filename(/usr/local/ssl/lib64/engines/libpkcs11.so): 
> /usr/local/ssl/lib64/engines/libpkcs11.so: cannot open shared object 
> file: No such file or directory
> 139855973107368:error:25070067:DSO support routines:DSO_load:could not 
> load the shared library:dso_lib.c:244:
> 139855973107368:error:260B6084:engine routines:DYNAMIC_LOAD:dso not 
> found:eng_dyn.c:450:
> 139855973107368:error:2606A074:engine routines:ENGINE_by_id:no such 
> engine:eng_list.c:417:id=pkcs11
> 139855973107368:error:260BC066:engine 
> routines:INT_ENGINE_CONFIGURE:engine configuration 
> error:eng_cnf.c:204:section=pkcs11_section, name=SO_PATH, 
> value=/usr/local/lib/engines/engine_pkcs11.so
> 139855973107368:error:0E07606D:configuration file 
> routines:MODULE_RUN:module initialization 
> error:conf_mod.c:235:module=engines, value=engine_section, retcode=-1
> error in engine
>
>
> On 11/09/2010 04:57 PM, Bram Cymet wrote:
>>  Hi,
>>
>> I have the following in my /etc/ssl/openssl.cnf file:
>>
>> openssl_conf            = openssl_def
>>
>> [openssl_def]
>> engines = engine_section
>>
>> [engine_section]
>> pkcs11 = pkcs11_section
>>
>> [pkcs11_section]
>> engine_id = pkcs11
>> SO_PATH = /usr/local/lib/engines/engine_pkcs11.so
>> MODULE_PATH = /usr/lib64/opensc-pkcs11.so
>> init = 0
>>
>> [req]
>> distinguished_name = req_distinguished_name
>>
>> [req_distinguished_name]
>>
>> Yet when I try to load openssl it insists on loading  
>> /usr/lib64/engines/libpkcs11.so instead of the files that I have 
>> specified.
>>
>> If I don't have this in my config file and just specify the engine in 
>> the openssl command line interface then it works fine.
>>
>> Any idea what could be going on? Why would it seem to ignore my config.
>>
>
>


-- 
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user