Description of problem:
Errors when I try to use engine_pkcs11 with openssl.cnf config file

Version-Release number of selected component (if applicable):
[root@localhost dev]# rpm -qa | grep engine_pkcs11
engine_pkcs11-0.1.8-1.fc14.x86_64
[root@localhost dev]# rpm -qa | grep openssl
openssl-devel-1.0.0c-1.fc14.x86_64
openssl-1.0.0c-1.fc14.x86_64

How reproducible:
always

Steps to Reproduce:
1.
[midnighter@localhost ~]$ openssl
OpenSSL> engine dynamic -pre SO_PATH:/usr/lib64/openssl/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:engine_pkcs11.so
(dynamic) Dynamic engine loading support
[Success]: SO_PATH:/usr/lib64/openssl/engines/engine_pkcs11.so
[Success]: ID:pkcs11
[Success]: LIST_ADD:1
[Success]: LOAD
[Success]: MODULE_PATH:engine_pkcs11.so
Loaded: (pkcs11) pkcs11 engine
OpenSSL>

2. [root@localhost dev]# vi /etc/pki/tls/openssl.cnf

3. add into the config
##################################################
openssl_conf = openssl_def

[openssl_def]
engines = engine_section

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
dynamic_path = /usr/lib64/openssl/engines/engine_pkcs11.so
MODULE_PATH = /usr/lib64/pkcs11/opensc-pkcs11.so
init = 0

[req]
distinguished_name = req_distinguished_name

[req_distinguished_name]
##################################################

Actual results:
[root@localhost dev]# openssl engine -v -t
(aesni) Intel AES-NI engine (no-aesni)
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]
     SO_PATH, NO_VCHECK, ID, LIST_ADD, DIR_LOAD, DIR_ADD, LOAD
(pkcs11) pkcs11 engine
openssl (lock_dbg_cb): already locked (mode=9, type=30) at eng_list.c:284
Auto configuration failed
139977877768000:error:26078067:engine routines:ENGINE_LIST_ADD:conflicting engine id:eng_list.c:116:
139977877768000:error:2606906E:engine routines:ENGINE_add:internal list error:eng_list.c:288:
139977877768000:error:260B6067:engine routines:DYNAMIC_LOAD:conflicting engine id:eng_dyn.c:540:
139977877768000:error:260BC066:engine routines:INT_ENGINE_CONFIGURE:engine configuration error:eng_cnf.c:204:section=pkcs11_section, name=dynamic_path, value=/usr/lib64/openssl/engines/engine_pkcs11.so
139977877768000:error:0E07606D:configuration file routines:MODULE_RUN:module initialization error:conf_mod.c:235:module=engines, value=engine_section, retcode=-1

Expected results:
No errors

Additional info:
same trouble http://www.opensc-project.org/pipermail/opensc-user/2010-November/004330.html

I am sorry, but I cannot reproduce the problem. Which pkcs11 module do you use?
I use the /usr/lib64/pkcs11/opensc-pkcs11.so module with Rutoken ECP - http://www.opensc-project.org/opensc/wiki/AktivRutokenECP This token has a "GOST" on-board cryptographic function. I have opened a bug on the opensc-project.org site - http://www.opensc-project.org/opensc/ticket/303 and have an answer to it. Could you please see that answer?
The GOST engine algorithms are not compiled in our openssl builds because some of them depend on EC algorithms support which we can not include due to some concerns with patents.
OK. That is, I don't know why it happens. Could you tell me more debug options?