[openssl-users] How to load the right engine?
Dmitry Belyavsky
beldmit at gmail.com
Wed Sep 27 07:57:03 UTC 2017
Hello,
I usually use strace for this purpose.
On Wed, Sep 27, 2017 at 12:53 AM, Blumenthal, Uri - 0553 - MITLL <
uri at ll.mit.edu> wrote:
> I’m debugging programmatic access to a (modified) pkcs11 engine. My system
> has several OpenSSL installations: Apple-provided OpenSSL-0.9.8 (kept as
> that came with the OS :), Macports-installed OpenSSL-1.0.2l (the main one
> installed to /opt/local, used by everything Macports builds, and what I use
> mostly for my software), and a couple of OpenSSL-1.1.x installations mostly
> used for debugging.
>
>
>
> Libp11 is installed in /opt/local/lib/engines, and that version is built
> for/compatible with OpenSSL-1.0.2.
>
>
>
> There’s an installation of OpenSSL-1.1.0-stable in ~/openssl-1.1. libp11
> built for 1.1 is installed in ~/openssl-1.1/lib/engines-1.1 directory. So
> far so good.
>
>
>
> The problem I’m having now is – my application appears to be getting the
> wrong pkcs11 engine (the one for 1.0.2), based on the error message I get
> on decrypting, which is indicative of the unmodified libp11 version (not
> the one I’m working with for 1.1).
>
>
>
> Question: how do I ensure/verify that the right pkcs11 library is loaded?
>
>
>
> Tail of openssl.cnf:
>
>
>
> [pkcs11_section]
>
> engine_id = pkcs11
>
> dynamic_path = /Users/ur20980/openssl-1.1/lib/engines-1.1/pkcs11.dylib
>
> MODULE_PATH = /usr/local/lib/yubihsm_pkcs11.dylib
>
> init = 0
>
>
>
>
>
> Thanks!
>
> --
>
> Regards,
>
> Uri Blumenthal
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
>
--
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170927/748496c9/attachment.html>
More information about the openssl-users
mailing list