curl-users

Re: Custom OpenSSL crypto engine not known to cURL

From: Petr Pisar <petr.pisar_at_atlas.cz>
Date: Tue, 9 Mar 2010 18:53:33 +0100

On Mon, Mar 08, 2010 at 10:15:20PM +0100, Petr Pisar wrote:
>
> I develop an application using the curl library that should support a crypto engine.
> However, curl is not able to discover my engine (pkcs11).
>
[…]
>
> So I have a simple question: How can I instruct curl to load a default or any
> particular OpenSSL configuration file?
>

I was inspired by the openssl(1) initialization and adjusted the curl library.

Now I'm able to list dynamic engines defined in config file:

$ ./src/curl --engine list
Build-time engines:
  padlock
  dynamic
  pkcs11

And I'm able to use my USB token to authenticate curl(1). (Although my GnuTLS
server crashes now, so maybe some dark effects have been introduced. But that's
another story.)

Well, the user can use the OPENSSL_CONF environment variable or use the default
openssl.cnf file from the default OpenSSL directory.

-- Petr

--- curl-7.20.0/lib/ssluse.c 2010-02-09 09:43:16.000000000 +0100
+++ curl-7.20.0-devel/lib/ssluse.c 2010-03-09 18:11:57.000000000 +0100
@@ -672,6 +672,11 @@
  */
 int Curl_ossl_init(void)
 {
+ CONF *config;
+ const char *prefix, *environment;
+ char *filename = NULL;
+ size_t length;
+
 #ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES
   ENGINE_load_builtin_engines();
 #endif
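
Review bot: config is declared without an initializer at the top of Curl_ossl_init(), unlike filename, which is set to NULL. Initialize it as CONF *config = NULL; so that every exit path can release it safely even if allocation is later made conditional. The new locals are also unconditional while the engine call right below them sits under #ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES; since the stated purpose is engine discovery, consider putting the configuration loading under a comparable guard or into a small static helper so the init function stays readable.
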
@@ -679,6 +684,37 @@
   /* Lets get nice error messages */
   SSL_load_error_strings();
 
+ /* Get config file */
+#define OSSL_CONF_FILE_NAME "openssl.cnf"
+ environment = getenv("OPENSSL_CONF");
+ if (!environment) {
+ prefix = X509_get_default_cert_area();
+ length = strlen(prefix) + strlen(OSSL_CONF_FILE_NAME) + 2;
+ filename = OPENSSL_malloc(length);
+ if (!filename) return 0;
+
+ BUF_strlcpy(filename, prefix, length);
+ BUF_strlcat(filename, "/", length);
+ BUF_strlcat(filename, OSSL_CONF_FILE_NAME, length);
+ }
+#undef OSSL_CONF_FILE_NAME
+
+ /* Load config file */
+ OPENSSL_load_builtin_modules();
+ config=NCONF_new(NULL);
+ if (!NCONF_load(config, (environment) ? environment : filename, NULL)) {
+ OPENSSL_free(filename);
+ OPENSSL_free(config);
+ return 0;
+ }
+ if (CONF_modules_load(config, NULL, 0) <= 0) {
+ OPENSSL_free(filename);
+ OPENSSL_free(config);
+ return 0;
+ }
+ OPENSSL_free(filename);
+ OPENSSL_free(config);
+
   /* Init the global ciphers and digests */
   if(!SSLeay_add_ssl_algorithms())
     return 0;
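
Review bot: the CONF object returned by NCONF_new(NULL) is released with OPENSSL_free(config) on all three exit paths of the new block; that frees only the outer structure and leaks the parsed sections, so use NCONF_free(config) instead, and check the NCONF_new() result for NULL before passing it to NCONF_load(). Separately, a failing NCONF_load() makes Curl_ossl_init() return 0, which means a missing or unreadable openssl.cnf now disables SSL for every user of the library; a missing file should be treated as "no configuration" and initialization should continue (CONF_modules_load_file() with CONF_MFLAGS_IGNORE_MISSING_FILE gives that behaviour in one call). Finally, getenv("OPENSSL_CONF") is honoured unconditionally, and the file it names can define dynamic engines, so the library will load shared objects chosen by the environment of any program linked against it; this should be documented, and skipped when the process runs with elevated privileges.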

Received on 2010-03-09