curl build don't recognize openssl engine #2641

Closed
helenebb opened this Issue Jun 7, 2018 · 3 comments

helenebb commented Jun 7, 2018

I built curl to use it with OpenSSL with the command:

```
nmake /f Makefile.vc mode=dll WITH_SSL=dll SSL_PATH=C:\OpenSSL-Win32
```

OpenSSL is: OpenSSL 1.0.2o 27 Mar 2018

I have added my engine to the openssl configuration file (OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg):

```
[openssl_init]
engines=engine_section

[engine_section]
pkcs11=pkcs11_section

[pkcs11_section]
engine_id=pkcs11
dynamic_path=C:/Users/Helene/Desktop/libp11-0.4.7/libp11-0.4.7/src/pkcs11.dll
MODULE_PATH=C:/Windows/SysWOW64/module.dll
init=0
```

When I list engines with OpenSSL, my engine is OK:

```
>openssl engine -t
(rdrand) Intel RDRAND engine
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]
(pkcs11) pkcs11 engine
     [ available ]
```

But if I list engines with my built curl, I get nothing:

```
>curl.exe --engine list
Build-time engines:
  <none>
```

If I use the installed curl (with SSL support), I have no problem.

Is my curl build not correct?

bagder Jun 8, 2018

Member

I'm pretty sure that's because your build doesn't have HAVE_OPENSSL_ENGINE_H defined. See the code that lists the available engines:

curl/lib/vtls/openssl.c

Lines 1167 to 1185 in 9ff67f7

```c
static struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data)
{
  struct curl_slist *list = NULL;
#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
  struct curl_slist *beg;
  ENGINE *e;
  for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
    beg = curl_slist_append(list, ENGINE_get_id(e));
    if(!beg) {
      curl_slist_free_all(list);
      return NULL;
    }
    list = beg;
  }
#endif
  (void) data;
  return list;
}
```

helenebb Jun 8, 2018

Indeed, it was the problem. Thank you for your help

bagder Jun 8, 2018

Member

I'm not exactly sure what fix I propose for this, but I think the engine support is there by default since some openssl version and would probably be a better check.

bagder added a commit that referenced this issue Jun 8, 2018

openssl: assume engine support in 1.0.1 or later
Previously it was checked for in configure/cmake, but that would then
leave other build systems built without engine support.

While engine support probably existed prior to 1.0.1, I decided to play
safe. If someone experiences a problem with this, we can widen the
version check.

Fixes #2641

bagder closed this in 38203f1 Jun 11, 2018
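
The version gate described in the commit message, as an added example that is not curl's code and not part of the thread: it shows how a pre-3.0 `OPENSSL_VERSION_NUMBER` encodes a release such as the reporter's 1.0.2o, and how a "1.0.1 or later" comparison evaluates it without any build-system macro. The threshold constant and all function names are assumptions chosen for illustration.

```c
#include <stdio.h>

/* Pre-3.0 OpenSSL packs its version as 0xMNNFFPPSL: major, minor, fix,
 * patch letter (a=1, b=2, ...), status (0 = dev, 1..e = beta, f = release). */
#define ENGINE_ASSUMED_SINCE 0x10001000UL /* assumption: "1.0.1 or later" */

/* Build the number for a release such as 1.0.2o (hypothetical helper).
 * patch_letter is 0 for a release without a letter. Returns 0 on bad input. */
unsigned long ossl_release_number(unsigned major, unsigned minor,
                                  unsigned fix, char patch_letter)
{
  unsigned long patch = 0;
  if(major > 0xf || minor > 0xff || fix > 0xff)
    return 0;
  if(patch_letter) {
    if(patch_letter < 'a' || patch_letter > 'z')
      return 0;
    patch = (unsigned long)(patch_letter - 'a' + 1);
  }
  return ((unsigned long)major << 28) | ((unsigned long)minor << 20) |
         ((unsigned long)fix << 12) | (patch << 4) | 0xfUL;
}

/* Version-based gate: works the same under nmake, configure or cmake. */
int engine_support_assumed(unsigned long version_number)
{
  return version_number >= ENGINE_ASSUMED_SINCE;
}

/* Render a version number back to text, e.g. "1.0.2o", for build logs. */
int ossl_version_text(unsigned long v, char *buf, size_t len)
{
  unsigned patch = (unsigned)((v >> 4) & 0xff);
  char letter[2] = { 0, 0 };
  if(patch >= 1 && patch <= 26)
    letter[0] = (char)('a' + patch - 1);
  return snprintf(buf, len, "%lu.%lu.%lu%s", (v >> 28) & 0xf,
                  (v >> 20) & 0xff, (v >> 12) & 0xff, letter);
}

int main(void)
{
  char text[16];
  unsigned long v = ossl_release_number(1, 0, 2, 'o'); /* reporter's build */
  ossl_version_text(v, text, sizeof(text));
  printf("%s = 0x%08lx, engine support assumed: %d\n", text, v,
         engine_support_assumed(v));
  return 0;
}
```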
