openssl engine is not initialized properly

Maxim Dounin mdounin at mdounin.ru
Mon Aug 19 22:32:25 UTC 2019


Hello!

On Mon, Aug 19, 2019 at 07:35:57PM +0200, Vincent Chen wrote:

>    Hi,
> 
>    I am trying to implement an openssl (1.1.1c) engine. However, after the
>    openssl is initialized by nginx 1.17.2, the engine does not initialized
>    properly. When I am using 'openssl' command it works file.
> 
>    After a bit debugging, I realized that nginx 1.17.2 initialize openssl
>    with function call 'OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL)'.
>    However, inside openssl function OPENSSL_init_crypto() (called from
>    OPENSSL_init_ssl), it needs the following flags to register all openssl
>    functions:
>    ```
> 
>        if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN
> 
>                    | OPENSSL_INIT_ENGINE_OPENSSL
> 
>                    | OPENSSL_INIT_ENGINE_AFALG)) {
> 
>            ENGINE_register_all_complete();
> 
>        }
> 
>    ```
> 
>    The easiest way to fix this issue is to initialize openssl with
>    multiple flags like 'OPENSSL_INIT_LOAD_CONFIG
>    | OPENSSL_INIT_ENGINE_ALL_BUILTIN'. Will there be a fix in near future
>    about this issue?

Unlikely.  To load engines, you can use OpenSSL config, or the 
"ssl_engine" directive in nginx configuration, see 
http://nginx.org/r/ssl_engine.

-- 
Maxim Dounin
http://mdounin.ru/


More information about the nginx mailing list