Aleksey Samsonov wrote:
> Hello,
>
> Jan Just Keijser wrote:
>> Martin Paljak wrote:
>>> On Apr 16, 2010, at 09:51 , Aleksey Samsonov wrote:
>>>  
>>>> I commented out the OPENSSL_config(NULL) and now it works ...
>>>>   
>>>>> should this be added as a patch? the FIXME seems to be to *remove*
>>>>> the explicit call to OPENSSL_config; I can confirm that this works
>>>>> for both openssl-1.0.0-beta4 and the official openssl-1.0.0 release
>>>>>       
>>>> The FIXME means that the call to OPENSSL_config(NULL) may have problems
>>>> and needs a cleaner solution for loading the GOST algorithms'
>>>> implementation.
>>>>     
>>>
>>> Does this mean that a fix in OpenSC is not needed and the problem 
>>> lies in OpenSSL land?
>>>
>>>   
>> the problem is not in openssl land but in the way the GOST engine is
>> loaded by the pkcs11 software. The GOST engine requires a section in
>> the openssl.cnf file to load the appropriate shared library. The
>> problem (with openssl) is that you cannot register an engine
>> twice. So when a program loads and parses an openssl.cnf file which
>> contains engine definitions then the second attempt to register that
>> engine will cause a failure.
>>
>> I've built the GOST engine myself and did *NOT* specify an 
>> openssl.cnf file : the gost engine still loads, but I am not sure if 
>> it is functional. So the real question becomes: is this openssl.cnf 
>> section still necessary?
>
> Yes, this section is necessary for using the GOST engine.
>
>
>> is it still required to run
>>  OPENSSL_config()
>> during opensc initialisation?
>>
>> Another solution might be to not call
>>  OPENSSL_config()
>> but call
>>  OPENSSL_config( "gost" )
>> instead; this will cause the openssl library to only parse the GOST 
>> section (provided there is one) which should solve the problem as well.
>
> Thank you! It works.
> Could you please test the attached patch?
>
>
>> However, what happens if the "gost" section is missing?
>
> I think the error must be ignored.
>
the patch works but it will not really solve the issue: if we add this
patch then any program that tries to load both the GOST engine and
opensc-pkcs11.so will still get the same error (engine defined twice). I
guess we need to come up with something more sustainable.... Perhaps
it's possible to detect if an engine has been loaded already?

cheers,

JJK
