openssl engine is not initialized properly
Maxim Dounin
mdounin at mdounin.ru
Mon Aug 19 22:32:25 UTC 2019
Hello!
On Mon, Aug 19, 2019 at 07:35:57PM +0200, Vincent Chen wrote:
> Hi,
>
> I am trying to implement an openssl (1.1.1c) engine. However, after the
> openssl is initialized by nginx 1.17.2, the engine does not initialized
> properly. When I am using 'openssl' command it works file.
>
> After a bit debugging, I realized that nginx 1.17.2 initialize openssl
> with function call 'OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL)'.
> However, inside openssl function OPENSSL_init_crypto() (called from
> OPENSSL_init_ssl), it needs the following flags to register all openssl
> functions:
> ```
>
> if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN
>
> | OPENSSL_INIT_ENGINE_OPENSSL
>
> | OPENSSL_INIT_ENGINE_AFALG)) {
>
> ENGINE_register_all_complete();
>
> }
>
> ```
>
> The easiest way to fix this issue is to initialize openssl with
> multiple flags like 'OPENSSL_INIT_LOAD_CONFIG
> | OPENSSL_INIT_ENGINE_ALL_BUILTIN'. Will there be a fix in near future
> about this issue?
Unlikely. To load engines, you can use OpenSSL config, or the
"ssl_engine" directive in nginx configuration, see
http://nginx.org/r/ssl_engine.
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx
mailing list