>On 8/7/07, Eddy Nigg (StartCom Ltd.) <[EMAIL PROTECTED]> wrote: >Try using engine "dynamic" instead of "pkcs11" or you might need to use everything >in one go...not sure anymore how this dynamic stuff works...Something
Fails :( ----- OpenSSL> req -engine dynamic -new -key id_45 -keyform engine -out req.pem-text -x509 engine "dynamic" set. unable to load Private Key 18146:error:26096075:engine routines:ENGINE_load_private_key:not initialised:eng_pkey.c:100: error in req OpenSSL> ----- Using everything at one go gives an error: ----- OpenSSL> engine dynamic -pre SO_PATH:/opt/ITsmartcard/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/home/sk211688/lib/opensc- pkcs11.soreq -engine pkcs11 -new -key id_45 -keyform engine -out req.pem -text -x509 usage: engine opts [engine ...] -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands' -vv will additionally display each command's description -vvv will also add the input flags for each command -vvvv will also show internal input flags -c - for each engine, also list the capabilities -t[t] - for each engine, check that they are really available -tt will display error trace for unavailable engines -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts to load it (if -t is used) -post <cmd> - runs command 'cmd' against the ENGINE after loading it (only used if -t is also provided) NB: -pre and -post will be applied to all ENGINEs supplied on the command line, or all supported ENGINEs if none are specified. Eg. '-pre "SO_PATH:/lib/libdriver.so"' calls command "SO_PATH" with argument "/lib/libdriver.so". error in engine OpenSSL> ------ Here's something strange (I think it's strange): the new version of openssl that I've installed gives the following ldd output: $ ldd ./openssl libsocket.so.1 => /usr/lib/libsocket.so.1 libnsl.so.1 => /usr/lib/libnsl.so.1 libdl.so.1 => /usr/lib/libdl.so.1 libc.so.1 => /usr/lib/libc.so.1 libmp.so.2 => /usr/lib/libmp.so.2 libmd.so.1 => /usr/lib/libmd.so.1 libscf.so.1 => /usr/lib/libscf.so.1 libuutil.so.1 => /usr/lib/libuutil.so.1 libgen.so.1 => /usr/lib/libgen.so.1 libm.so.2 => /usr/lib/libm.so.2 /platform/SUNW,Sun-Fire-V215/lib/libc_psr.so.1 /platform/SUNW,Sun-Fire-V215/lib/libmd_psr.so.1 But the previous version gave this output: $ ldd ./openssl libcrypto.so.0.9.8 => /usr/sfw/lib/libcrypto.so.0.9.8 libssl.so.0.9.8 => /usr/sfw/lib/libssl.so.0.9.8 libnsl.so.1 => /usr/lib/libnsl.so.1 libsocket.so.1 => /usr/lib/libsocket.so.1 libc.so.1 => /usr/lib/libc.so.1 libmp.so.2 => /usr/lib/libmp.so.2 libmd.so.1 => /usr/lib/libmd.so.1 libscf.so.1 => /usr/lib/libscf.so.1 libuutil.so.1 => /usr/lib/libuutil.so.1 libgen.so.1 => /usr/lib/libgen.so.1 libcrypto_extra.so.0.9.8 => (file not found) libm.so.2 => /usr/lib/libm.so.2 /platform/SUNW,Sun-Fire-V215/lib/libc_psr.so.1 /platform/SUNW,Sun-Fire-V215/lib/libmd_psr.so.1 It looks like the new version isn't looking for libcrypto or even libssl, and there are no .so files at all in /home/sk211688/Desktop/openssldir/lib, which is where the new install is. Only static libraries. This is what the directory looks like: $ ls engines libcrypto.a libssl.a pkgconfig Is this okay? On 8/7/07, Eddy Nigg (StartCom Ltd.) <[EMAIL PROTECTED]> wrote: > > Try using engine "dynamic" instead of "pkcs11" or you might need to use > everything in one go...not sure anymore how this dynamic stuff > works...Something like: > > engine dynamic -pre SO_PATH:/opt/ITsmartcard/lib/engines/engine_pkcs11.so > -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre > MODULE_PATH:/home/sk211688/lib/opensc- pkcs11.so req -engine pkcs11 -new > -key id_45 -keyform engine -out req.pem -text -x509 > > :S > > Siddhartha Kasivajhula wrote: > > I installed openssl (latest) and opensc (latest) in non-default locations > and tried again, with limited success. > It now gets past the engine dynamic... stage: > > ----- > $ openssl > OpenSSL> engine dynamic -pre > SO_PATH:/opt/ITsmartcard/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre > LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/home/sk211688/lib/opensc- pkcs11.so > (dynamic) Dynamic engine loading support > [Success]: SO_PATH:/opt/ITsmartcard/lib/engines/engine_pkcs11.so > [Success]: ID:pkcs11 > [Success]: LIST_ADD:1 > [Success]: LOAD > [Success]: MODULE_PATH:/home/sk211688/lib/opensc- pkcs11.so > Loaded: (pkcs11) pkcs11 engine > OpenSSL> > ----- > > But it fails at the next step: > > ----- > OpenSSL> req -engine pkcs11 -new -key id_45 -keyform engine -out req.pem-text > -x509 > unable to load module /home/sk211688/lib/opensc- pkcs11.so > can't use that engine > 18952:error:80001401:Vendor defined:PKCS11_CTX_load:Unable to load PKCS#11 > module:p11_load.c:57: > 18952:error:260B806D:engine routines:ENGINE_TABLE_REGISTER:init > failed:eng_table.c:161: > no engine specified > unable to load Private Key > error in req > OpenSSL> > ----- > > > >On 8/7/07, Douglas E. Engert < [EMAIL PROTECTED]> wrote: > >What version of Solaris? Solaris 10 has openssl in /usr/sfw/bin and the > libs > >in /usr/sfw/lib. > > Yes, right. That's the version I was using before. > > >Although on my system it is OpenSSL 0.9.7d 17 Mar 2004 (+ security > patches to 2006-09-29) > > Mine is 0.9.8 because I installed SunStudio 12 (from Sun's website. it's > the latest version). > > You may want to set the LD_LIBRARY_PATH to point to your lib directory > > with > > your versions of the libcrypto.so and libssl.so > > > I'm pretty sure I'd done this earlier as well, but I've set it to point > there now. > > > ------------------------------ > > _______________________________________________ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > http://www.opensc-project.org/mailman/listinfo/opensc-devel > > > -- > Regards > > Signer: Eddy Nigg, StartCom Ltd. > Jabber: [EMAIL PROTECTED] > Phone: +1.213.341.0390 >
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel