On 11-04-05 11:50 AM, Dr. Stephen Henson wrote: > On Tue, Apr 05, 2011, Bram Cymet wrote: > >> I added some debugging output to openssl and I have found that it is >> parsing the config file twice and attempting to load the engine twice. >> >> OPENSSL_CONF=/opt/cbnca/etc/cbn-openssl.conf ./apps/openssl smime >> -decrypt -recip /tmp/ldaptest-cert.pem -engine pkcs11 -inkey slot_0 >> -keyform engine -in /tmp/encrypt >> ENGINE LIST ADD!!!!! >> NCONF_load /opt/cbnca/etc/cbn-openssl.conf >> def_load /opt/cbnca/etc/cbn-openssl.conf >> Section: default >> psection: default >> v name: openssl_conf >> value: openssl_def >> psection: openssl_def >> v name: engines >> value: engine_section >> psection: engine_section >> v name: pkcs11 >> value: pkcs11_section >> psection: pkcs11_section >> v name: engine_id >> value: pkcs11 >> psection: pkcs11_section >> v name: dynamic_path >> value: /usr/lib64/engines/engine_pkcs11.so >> psection: pkcs11_section >> v name: MODULE_PATH >> value: /usr/lib64/opensc-pkcs11.so >> psection: pkcs11_section >> v name: init >> value: 0 >> psection: pkcs11_section >> v name: PIN >> value: 9999 >> ENGINE LIST ADD!!!!! >> First ID: dynamic --- Second ID: pkcs11 >> openssl (lock_dbg_cb): already locked (mode=9, type=30) at eng_list.c:287 >> ENGINE LIST ADD!!!!! >> First ID: dynamic --- Second ID: dynamic >> NCONF_load /opt/cbnca/etc/cbn-openssl.conf >> def_load /opt/cbnca/etc/cbn-openssl.conf >> Section: default >> psection: default >> v name: openssl_conf >> value: openssl_def >> psection: openssl_def >> v name: engines >> value: engine_section >> psection: engine_section >> v name: pkcs11 >> value: pkcs11_section >> psection: pkcs11_section >> v name: engine_id >> value: pkcs11 >> psection: pkcs11_section >> v name: dynamic_path >> value: /usr/lib64/engines/engine_pkcs11.so >> psection: pkcs11_section >> v name: MODULE_PATH >> value: /usr/lib64/opensc-pkcs11.so >> psection: pkcs11_section >> v name: init >> value: 0 >> psection: pkcs11_section >> v name: PIN >> value: 9999 >> ENGINE LIST ADD!!!!! >> First ID: dynamic --- Second ID: pkcs11 >> First ID: pkcs11 --- Second ID: pkcs11 >> Auto configuration failed >> 139807017879192:error:26078067:engine >> routines:ENGINE_LIST_ADD:conflicting engine id:eng_list.c:119: >> 139807017879192:error:2606906E:engine routines:ENGINE_add:internal list >> error:eng_list.c:291: >> 139807017879192:error:260B6067:engine routines:DYNAMIC_LOAD:conflicting >> engine id:eng_dyn.c:540: >> 139807017879192:error:260BC066:engine >> routines:INT_ENGINE_CONFIGURE:engine configuration >> error:eng_cnf.c:204:section=pkcs11_section, name=dynamic_path, >> value=/usr/lib64/engines/engine_pkcs11.so >> 139807017879192:error:0E07606D:configuration file >> routines:MODULE_RUN:module initialization >> error:conf_mod.c:235:module=engines, value=engine_section, retcode=-1 >> >> >> Any idea why it would be doing that? >> > > Check to see if the PKCS#11 ENGINE is loading the config file internally. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org That is exactly what it turned out to be.
-- Bram Cymet Software Developer Canadian Bank Note Co. Ltd. 613-608-9752 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org