Thanks for the comments. I summarize actionable items at the bottom as the 
conversation develops. I can push further commits, and do the final squash when 
it can be accepted.

1. Preprocessor defines `OPENSSL_NO_ENGINE` - followed nginx and HAProxy where 
they use this to omit compile-time code that uses OpenSSL `ENGINE_xxxx` 
functions. Frankly I doubt any modern OpenSSL actually defines this. Same 
purpose as `OPENSSL_NO_ECDH` in existing `tls.c`.

    At runtime it might be difficult as the symbol won't be in the user's 
`libcrypto.so`. If we include these symbols, then the user's `libcrypto.so` is 
required to have engine support (even if they don't use it).

    Currently the runtime use is controlled by the proposed modparam `engine`, 
but ENGINE symbols are still UND in `tls.so`.

1. whitespace - added to TODO list below: it was a code editor setting, my bad
1. documentation - added to TODO list

Sample nginx code (because of `ENGINE_*` symbols). HAProxy has similar 
constructs:
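```
#ifndef OPENSSL_NO_ENGINE
        u_char      *p, *last;
        ENGINE      *engine;
        EVP_PKEY    *pkey;
        /* skip the "engine:" prefix, then find the ':' that ends the engine id */
        p = key->data + sizeof("engine:") - 1;
        last = (u_char *) ngx_strchr(p, ':');
        if (last == NULL) {
            ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                               "invalid syntax in \"%V\"", key);
            return NGX_ERROR;
        }
        *last = '\0';
        /* ENGINE_* symbols are referenced only inside this guarded region */
        engine = ENGINE_by_id((char *) p);
        /* ... rest of the guarded block omitted in this excerpt ... */
#endif
```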

TODO list:
* revert code editor gratuitous whitespace changes
* documentation updates for new configuration directives

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1484#issuecomment-374443429
_______________________________________________
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
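
An added example, not part of the original message and not code from Kamailio, nginx or HAProxy: the `#ifndef OPENSSL_NO_ENGINE` guard discussed above, applied to the `engine:<id>:<key>` form that the nginx excerpt parses. `HAVE_LIBCRYPTO`, `parse_engine_spec`, `load_engine_key` and the `KEY_*` codes are hypothetical names chosen for this sketch; unlike the excerpt, it copies the engine id into a bounded buffer instead of writing a NUL into the configuration string.

```c
#include <string.h>
/* Assumption: HAVE_LIBCRYPTO is a hypothetical build flag; without it, act as a no-engine build. */
#if defined(HAVE_LIBCRYPTO)
#include <openssl/engine.h>   /* opensslconf.h defines OPENSSL_NO_ENGINE when built that way */
#include <openssl/evp.h>
#else
#define OPENSSL_NO_ENGINE
#endif

enum { KEY_OK = 0, KEY_BAD_SYNTAX = -1, KEY_NO_ENGINE = -2, KEY_ENGINE_ERROR = -3 };

/* Split "engine:<id>:<key>": id is copied into a bounded buffer, *key points at the tail. */
int parse_engine_spec(const char *spec, char *id, size_t idsz, const char **key)
{
    const char *p, *sep;
    size_t n;
    if (strncmp(spec, "engine:", 7) != 0) return KEY_BAD_SYNTAX;
    p = spec + 7;                        /* first byte after the prefix */
    sep = strchr(p, ':');
    n = sep ? (size_t)(sep - p) : 0;
    if (n == 0 || n >= idsz || sep[1] == '\0')
        return KEY_BAD_SYNTAX;           /* missing id, oversized id, or missing key */
    memcpy(id, p, n);
    id[n] = '\0';
    *key = sep + 1;
    return KEY_OK;
}

/* Every ENGINE_* reference sits inside the guard, so a no-engine build has no undefined ENGINE symbol. */
int load_engine_key(const char *spec)
{
    char id[64];
    const char *key;
    int rc = parse_engine_spec(spec, id, sizeof(id), &key);
    if (rc != KEY_OK) return rc;
#ifndef OPENSSL_NO_ENGINE
    ENGINE *e = ENGINE_by_id(id);
    EVP_PKEY *pkey = NULL;
    if (e != NULL && ENGINE_init(e)) {
        pkey = ENGINE_load_private_key(e, key, NULL, NULL);
        ENGINE_finish(e);                /* drop the functional reference */
    }
    if (e != NULL) ENGINE_free(e);       /* drop the structural reference */
    rc = pkey ? KEY_OK : KEY_ENGINE_ERROR;
    EVP_PKEY_free(pkey);                 /* EVP_PKEY_free(NULL) is a no-op */
    return rc;
#else
    return KEY_NO_ENGINE;                /* syntax is valid, support is compiled out */
#endif
}
```

Building with `-DHAVE_LIBCRYPTO -lcrypto` enables the ENGINE path; the default build compiles it out and returns `KEY_NO_ENGINE` for a well-formed spec.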