<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><span style="font-family:arial,sans-serif">On 10 August 2016 at 15:31, Jakob Bohm </span><span dir="ltr" style="font-family:arial,sans-serif"><<a href="mailto:jb-openssl@wisemo.com" target="_blank">jb-openssl@wisemo.com</a>></span><span style="font-family:arial,sans-serif"> wrote:</span></div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
I am not part of the OpenSSL team and have no idea what their<br>
thinking or suggestions are.<br></blockquote><div><br></div><div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">Thanks for responding!</div></div><div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline"></div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
However the following should be a generic workaround:<br>
<br>
1. Create a third engine3 which loads both engine1 and engine2<br>
internally (<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline"></div>without going through OpenSSL and its locks).<br>
So for example engine3->init calls both engine2->init and<br>
engine1->init.<br>
<br></blockquote><div><br></div><div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">I don't understand how engine3 could be initialised "</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline"></div>without going through OpenSSL and its locks<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">" as it's OpenSSL taking the lock whenever initialising _every_ engine. Also when I call `ENGINE_init()` (indirectly, somewhere deep inside engine1), the implementation of </div><span style="font-family:arial,helvetica,sans-serif">`ENGINE_init()`<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline"> takes the engine lock. as well which is the source of the problem.</div></span></div><div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline"></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
2. engine3 would export/provide all the methods from engine1<br>
and engine2 by forwarding or reexporting the calls.<br>
<br>
3. OpenSSL itself is instructed to use only your engine3<br>
wrapper.<br>
<br>
4. As a more ambitious project, someone could write a generic<br>
"engine3" which loads a list of actual engines from a config<br>
file.<br>
<br>
At the OpenSSL design level, the OpenSSL team might extend the<br>
OPENSSL_SSL_CLIENT_ENGINE_AUTO<wbr>variable to accept a<br>
colon-separatedlist of engines rather than just a single engine.<br>
<br><br></blockquote><div><br></div><div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">That sounds interesting but engines in general (and specifically in my case) are independent of each other and in different situations I may want to load one but not the other (for example when testing). But I guess that would be a matter of moving the configuration control from where I have it now into whatever mechanism OpenSSL could have (as proposed above).</div></div><div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline"><br></div></div><div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">Thanks,</div></div><div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">Kris</div> </div></div><br></div></div>