Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

curl build don't recognize openssl engine #2641

Closed
helenebb opened this issue Jun 7, 2018 · 3 comments
Closed

curl build don't recognize openssl engine #2641

helenebb opened this issue Jun 7, 2018 · 3 comments
Labels
build TLS

Comments

@helenebb
Copy link

helenebb commented Jun 7, 2018

I build curl to use it with OpenSSL with command :
nmake /f Makefile.vc mode=dll WITH_SSL=dll SSL_PATH=C:\OpenSSL-Win32

OpenSSL is : OpenSSL 1.0.2o 27 Mar 2018
I have add my engine on openssl configuration file (OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg

[openssl_init]
engines=engine_section

[engine_section]
pkcs11=pkcs11_section

[pkcs11_section]
engine_id=pkcs11
dynamic_path=C:/Users/Helene/Desktop/libp11-0.4.7/libp11-0.4.7/src/pkcs11.dll
MODULE_PATH=C:/Windows/SysWOW64/module.dll
init=0

When I list engine with OpenSSL, my engine is OK :

>openssl engine -t
(rdrand) Intel RDRAND engine
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]
(pkcs11) pkcs11 engine
     [ available ]

But if I list engine with my build curl, I have nothing :

>curl.exe --engine list
Build-time engines:
  <none>

If I use installed curl (with SSL support), I have no problem.

Is it my build curl not correct ?
@bagder
Copy link
Member

bagder commented Jun 8, 2018
edited

I'm pretty sure that's because your build doesn't have HAVE_OPENSSL_ENGINE_H defined. See the code that lists the available engines:

curl/lib/vtls/openssl.c

Lines 1167 to 1185 in 9ff67f7

static struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data)
{
struct curl_slist *list = NULL;
#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
struct curl_slist *beg;
ENGINE *e;
for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
beg = curl_slist_append(list, ENGINE_get_id(e));
if(!beg) {
curl_slist_free_all(list);
return NULL;
}
list = beg;
}
#endif
(void) data;
return list;
}

@helenebb
Copy link
Author

helenebb commented Jun 8, 2018

Indeed, it was the problem. Thank you for your help

@bagder
Copy link
Member

bagder commented Jun 8, 2018

I'm not exactly sure what fix I propose for this, but I think the engine support is there by default since some openssl version and would probably be a better check.

bagder added a commit that referenced this issue Jun 8, 2018
@bagder
openssl: assume engine support in 1.0.1 or later
d0b5591 
Previously it was checked for in configure/cmake, but that would then
leave other build systems built without engine support.

While engine support probably existed prior to 1.0.1, I decided to play
safe. If someone experience a problem with this, we can widen the
version check.

Fixes #2641
@bagder bagder mentioned this issue Jun 8, 2018
Closed
@bagder bagder closed this as completed in 38203f1 Jun 11, 2018
@lock lock bot locked as resolved and limited conversation to collaborators Sep 9, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
build TLS
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bagder @helenebb