[openssl-dev] [openssl.org #4246] OpenSSL-1.1-pre2 openssl req fails to use engine
deengert@gmail.com via RT
rt at openssl.org
Fri Jan 15 22:09:50 UTC 2016
req.c (and many of the other apps) appear to have lost the ability to use an engine.
The attached diff is against the github.com version using Tag OpenSSL_1_1-pre2
In the req_options[] table:
OPT_KEY is set to "S" so pre-checking of the parameters does not drop the string passed to the engine.
OPT_KEY_FORM is set to "f" so pre-checking will allow engine.
The engine is saved:
e = setup_engine(opt_arg(), 1);
(I turned on debug, may want that off.)
To allow the OPT_KEY_FORM to be an engine:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER|OPT_FMT_ENGINE, &keyform))
This was tested with a modified version of OpenSC using an ECDSA key on card to generate a self-signed certificate.
openssl req -config /tmp/genreq.6156.openssl.conf -engine pkcs11 -keyform e -sha256 -new -key slot_1-id_2 -out /tmp/selfsigned.pem -x509 -text
P.S. The EC_KEY_* functions appear to be working too (#4225). Have not tried the ECDH yet.
-- Douglas E. Engert <DEEngert at gmail.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: req.c.diff
Type: text/x-patch
Size: 1418 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160115/c0b86afe/attachment-0001.bin>
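Added example, not part of the original message, the attached patch or OpenSSL's source: a simplified C model of the two checks the message describes, the option-table pre-check and the format mask passed when -keyform is parsed, showing why "-keyform e" is only accepted once the engine format is in the allowed set. The constants, the function names and the 'F' (PEM/DER only) value type are assumptions made for the illustration; 'S' and 'f' follow the message.

```c
#include <stdio.h>

/* Constructed values for this model; not OpenSSL's definitions. */
enum { FMT_PEM = 1, FMT_DER, FMT_ENGINE };
#define M_PEM    (1UL << 0)
#define M_DER    (1UL << 1)
#define M_ENGINE (1UL << 2)
#define M_PEMDER (M_PEM | M_DER)

/* Map a -keyform argument to a format, but only if the caller's mask allows
 * it. Returns 1 and stores the format, or 0 if unknown or not allowed. */
static int model_format(const char *s, unsigned long allowed, int *out)
{
    unsigned long bit;
    int fmt;

    if (s == NULL)
        return 0;
    switch (*s) {
    case 'P': case 'p': bit = M_PEM;    fmt = FMT_PEM;    break;
    case 'D': case 'd': bit = M_DER;    fmt = FMT_DER;    break;
    case 'E': case 'e': bit = M_ENGINE; fmt = FMT_ENGINE; break;
    default:  return 0;
    }
    if ((allowed & bit) == 0)
        return 0;               /* recognised, but not accepted here */
    *out = fmt;
    return 1;
}

/* Table-driven pre-check by value type: 'S' passes any string through
 * (for example an engine key id), 'F' is PEM/DER only, 'f' is any format. */
static int model_precheck(char valtype, const char *arg)
{
    int ignored;

    switch (valtype) {
    case 'S': return arg != NULL;
    case 'F': return model_format(arg, M_PEMDER, &ignored);
    case 'f': return model_format(arg, M_PEMDER | M_ENGINE, &ignored);
    default:  return 0;
    }
}

int main(void)
{
    printf("pre-check 'F' \"e\": %d\n", model_precheck('F', "e"));
    printf("pre-check 'f' \"e\": %d\n", model_precheck('f', "e"));
    return 0;
}
```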