New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

curl build don't recognize openssl engine #2641

Closed
helenebb opened this Issue Jun 7, 2018 · 3 comments

Comments

Projects
None yet
2 participants
@helenebb

helenebb commented Jun 7, 2018

I build curl to use it with OpenSSL with command :
nmake /f Makefile.vc mode=dll WITH_SSL=dll SSL_PATH=C:\OpenSSL-Win32

OpenSSL is : OpenSSL 1.0.2o 27 Mar 2018
I have add my engine on openssl configuration file (OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg

[openssl_init]
engines=engine_section

[engine_section]
pkcs11=pkcs11_section

[pkcs11_section]
engine_id=pkcs11
dynamic_path=C:/Users/Helene/Desktop/libp11-0.4.7/libp11-0.4.7/src/pkcs11.dll
MODULE_PATH=C:/Windows/SysWOW64/module.dll
init=0

When I list engine with OpenSSL, my engine is OK :

>openssl engine -t
(rdrand) Intel RDRAND engine
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]
(pkcs11) pkcs11 engine
     [ available ]

But if I list engine with my build curl, I have nothing :

>curl.exe --engine list
Build-time engines:
  <none>

If I use installed curl (with SSL support), I have no problem.

Is it my build curl not correct ?

@bagder

This comment has been minimized.

Show comment
Hide comment
@bagder

bagder Jun 8, 2018

Member

I'm pretty sure that's because your build doesn't have HAVE_OPENSSL_ENGINE_H defined. See the code that lists the available engines:

curl/lib/vtls/openssl.c

Lines 1167 to 1185 in 9ff67f7

static struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data)
{
struct curl_slist *list = NULL;
#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
struct curl_slist *beg;
ENGINE *e;
for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
beg = curl_slist_append(list, ENGINE_get_id(e));
if(!beg) {
curl_slist_free_all(list);
return NULL;
}
list = beg;
}
#endif
(void) data;
return list;
}

Member

bagder commented Jun 8, 2018

I'm pretty sure that's because your build doesn't have HAVE_OPENSSL_ENGINE_H defined. See the code that lists the available engines:

curl/lib/vtls/openssl.c

Lines 1167 to 1185 in 9ff67f7

static struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data)
{
struct curl_slist *list = NULL;
#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
struct curl_slist *beg;
ENGINE *e;
for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
beg = curl_slist_append(list, ENGINE_get_id(e));
if(!beg) {
curl_slist_free_all(list);
return NULL;
}
list = beg;
}
#endif
(void) data;
return list;
}

@helenebb

This comment has been minimized.

Show comment
Hide comment
@helenebb

helenebb Jun 8, 2018

Indeed, it was the problem. Thank you for your help

helenebb commented Jun 8, 2018

Indeed, it was the problem. Thank you for your help

@bagder

This comment has been minimized.

Show comment
Hide comment
@bagder

bagder Jun 8, 2018

Member

I'm not exactly sure what fix I propose for this, but I think the engine support is there by default since some openssl version and would probably be a better check.

Member

bagder commented Jun 8, 2018

I'm not exactly sure what fix I propose for this, but I think the engine support is there by default since some openssl version and would probably be a better check.

bagder added a commit that referenced this issue Jun 8, 2018

openssl: assume engine support in 1.0.1 or later
Previously it was checked for in configure/cmake, but that would then
leave other build systems built without engine support.

While engine support probably existed prior to 1.0.1, I decided to play
safe. If someone experience a problem with this, we can widen the
version check.

Fixes #2641

@bagder bagder closed this in 38203f1 Jun 11, 2018

@lock lock bot locked as resolved and limited conversation to collaborators Sep 9, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.