curl-users

Re: Custom OpenSSL crypto engine not known to cURL

From: Erwan Loaëc <erwan.loaec_at_cgin.fr>
Date: Wed, 10 Mar 2010 09:05:23 +0100

I hope this patch will be quickly introduced in a newer version of curl...
That's exactly what I'm looking for without success...

Thanks!

--
Erwan Loaec

Petr Pisar wrote:
> On Mon, Mar 08, 2010 at 10:15:20PM +0100, Petr Pisar wrote:
>> I develop an application using the curl library that should support a crypto engine.
>> However, curl is not able to discover my engine (pkcs11).
>>
> […]
>> So I have simple question: How can I instruct curl to load a default or any
>> particular OpenSSL configuration file?
>>
> 
> I was inspired by the openssl(1) initialization and adjusted the curl library.
> 
> Now I'm able to list dynamic engines defined in the config file:
> 
> $ ./src/curl --engine list
> Build-time engines:
>   padlock
>   dynamic
>   pkcs11
> 
> And I'm able to use my USB token to authenticate curl(1). (Although my GnuTLS
> server crashes now, so maybe some dark effects have been introduced. But that's
> another story.)
> 
> Well, the user can use the OPENSSL_CONF environment variable or use the default
> openssl.cnf file from the default OpenSSL directory.
> 
> -- Petr
> 
> 
> --- curl-7.20.0/lib/ssluse.c	2010-02-09 09:43:16.000000000 +0100
> +++ curl-7.20.0-devel/lib/ssluse.c	2010-03-09 18:11:57.000000000 +0100
> @@ -672,6 +672,11 @@
>   */
>  int Curl_ossl_init(void)
>  {
> +  CONF *config;
> +  const char *prefix, *environment;
> +  char *filename = NULL;
> +  size_t length;
> +
>  #ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES
>    ENGINE_load_builtin_engines();
>  #endif
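
Review bot: the new locals at the top of Curl_ossl_init() are declared unconditionally, although the engine call directly below them is wrapped in `#ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES`, so the CONF type and the code that uses it become a hard build requirement even where engine support is compiled out. Put the declarations and the config loading under a matching feature guard, initialise `config` to NULL so every cleanup path is safe, and move `prefix` and `length` into the `if (!environment)` block, which is the only place they are used.
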
> @@ -679,6 +684,37 @@
>    /* Lets get nice error messages */
>    SSL_load_error_strings();
>  
> +  /* Get config file */
> +#define OSSL_CONF_FILE_NAME "openssl.cnf"
> +  environment = getenv("OPENSSL_CONF");
> +  if (!environment) {
> +      prefix = X509_get_default_cert_area();
> +      length = strlen(prefix) + strlen(OSSL_CONF_FILE_NAME) + 2;
> +      filename = OPENSSL_malloc(length);
> +      if (!filename) return 0;
> +
> +      BUF_strlcpy(filename, prefix, length);
> +      BUF_strlcat(filename, "/", length);
> +      BUF_strlcat(filename, OSSL_CONF_FILE_NAME, length);
> +  }
> +#undef OSSL_CONF_FILE_NAME
> +
> +  /* Load config file */
> +  OPENSSL_load_builtin_modules();
> +  config=NCONF_new(NULL);
> +  if (!NCONF_load(config, (environment) ? environment : filename, NULL)) {
> +      OPENSSL_free(filename);
> +      OPENSSL_free(config);
> +      return 0;
> +  }
> +  if (CONF_modules_load(config, NULL, 0) <= 0) {
> +      OPENSSL_free(filename);
> +      OPENSSL_free(config);
> +      return 0;
> +  }
> +  OPENSSL_free(filename);
> +  OPENSSL_free(config);
> +
>    /* Init the global ciphers and digests */
>    if(!SSLeay_add_ssl_algorithms())
>      return 0;
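
Review bot: every cleanup path in the "Load config file" block releases the object returned by `NCONF_new(NULL)` with `OPENSSL_free(config)`; a CONF has to be released with `NCONF_free(config)`, otherwise the parsed sections it owns are leaked, and the result of `NCONF_new()` is never checked for NULL before it is passed to `NCONF_load()`. Both failure branches also `return 0`, so Curl_ossl_init() now fails for every TLS user when openssl.cnf is absent from the default directory or does not parse; a missing file should be tolerated, for example by treating it as "no configuration" or by using `CONF_modules_load_file()` with `CONF_MFLAGS_IGNORE_MISSING_FILE`. Since `getenv("OPENSSL_CONF")` makes the environment decide which engine modules are loaded into any process that uses libcurl, that behaviour should be documented and ideally made opt-in by the application rather than unconditional in library init. Style: the added lines use `if (` and six-space indentation, while the surrounding code uses `if(` and two spaces.
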
> 
> 
> ------------------------------------------------------------------------
> 
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-users
> FAQ:        http://curl.haxx.se/docs/faq.html
> Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2010-03-10