Hi ALL,
I am trying to use openssl pkcs11 engine . I have more than pkcs11 provider
and I want my customer to specify which pkcs11 provider they want to use .
For this I am thinking to modify the openssl.cnf file and
have one option
pkcs11_lib32=/usr/lib/pkcs11/opencryptoki.so
pkcs11_lib64=/usr/lib/pkcs11/opencryptoki64.so.
I have modified the existing openssl.cnf
openssl_conf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
pkcs11 = pkcs11_section
[pkcs11_section]
engine_id = pkcs11
default_algorithms = ALL
pkcs11_lib32=/usr/lib/pkcs11/ibm_pkcs11.so
But when I run openssl command ,It throws me the error message .
./openssl dgst -sha1 -engine pkcs11 /home
Error configuring OpenSSL
368876:error:260AC089:engine routines:INT_CTRL_HELPER:invalid cmd
name:eng_ctrl.c:134:
368876:error:260AB089:engine routines:ENGINE_ctrl_cmd_string:invalid cmd
name:eng_ctrl.c:316:
368876:error:0E07606D:configuration file routines:MODULE_RUN:module
initialization error:conf_mod.c:235:module=engines, value=engine_section,
retcode=-1
Where should i add the pkcs11_lib32 option in openssl.cnf so that customer
can provide this own pkcs11 provider library.
Thanks in advance
Joshi
--
View this message in context:
http://old.nabble.com/Openssl-configuration-%28openssl.cnf-%29-doudt-tp27527111p27527111.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
