Bug with OpenSSL engine initialization in tls_engine_load_dynamic_generic

Michael Schaller misch at google.com
Mon Jun 6 08:56:45 PDT 2016

I agree about the Linux part and I have no clue about the Mac OS X part. ;-)

For me only one topic remains then. If specifying the pkcs11 engine
and module path is on the way to deprecation (but IMHO not quite there
yet), is it then worth fixing this issue? If yes, what about the
proposed patch to not use ENGINE_by_id to check if an engine has
already been loaded?

On Mon, Jun 6, 2016 at 3:09 PM, David Woodhouse <dwmw2 at infradead.org> wrote:
> On Mon, 2016-06-06 at 14:56 +0200, Michael Schaller wrote:
>> Thank you for the input, David. I'll discuss the issue with my
>> colleague Mike Gerow and we will probably switch to using p11-kit.
>> When it comes to WPA Supplicant itself do you think that manually
>> specifying the pkcs11 engine and module path should be
>> deprecated/removed?
>
> Deprecated, yes. But there'll be a long tail of legacy installations
> (and distributions which aren't keeping up with the times) before we
> can actually *remove* the support.
>
> I'm not entirely sure about OS X either. It's perfectly reasonable to
> assume p11-kit on any Linux distribution, but perhaps OSX still wants
> to do its own thing? (And do we even have an engine or PKCS#11 module
> that accesses the OSX keychain...?)
> --
> dwmw2

More information about the Hostap mailing list