[PATCH 1/2] OpenSSL: Initialise PKCS#11 engine even if found with ENGINE_by_id()
David Woodhouse
dwmw2 at infradead.org
Tue Jun 7 05:08:13 PDT 2016
On Tue, 2016-06-07 at 13:02 +0100, David Woodhouse wrote:
> Recent versions of engine_pkcs11 are set up to be autoloaded on demand
> with ENGINE_by_id() because they don't need explicit configuration.
>
> But if we *do* want to explicitly configure them with a PKCS#11 module
> path, we should still do so.
>
> We can't tell whether it was already initialised, but it's harmless to
> repeat the MODULE_PATH command if it was.
>
> Signed-off-by: David Woodhouse <David.Woodhouse at intel.com>
Apologies, Evolution appears to have eaten the whitespace in those
patches and turned some spaces in to non-breaking spaces. I'll go file
a bug later, but in the meantime they're both at
git:// or http://git.infradead.org/users/dwmw2/hostap.git
I tested with the use case we *care* about, which is a simple:
client_cert="pkcs11:id=%4b%1a%cd%46%22%c4%a0%37%da%8b%45%ad%71%ba%3d%c5%b9%7e%f7%4f"
private_key="pkcs11:id=%4b%1a%cd%46%22%c4%a0%37%da%8b%45%ad%71%ba%3d%c5%b9%7e%f7%4f"
We should probably make it work without specifying the private_key
separately, like it does for PKCS#12 files.
--
David Woodhouse Open Source Technology Centre
David.Woodhouse at intel.com Intel Corporation
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5760 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20160607/54bb5062/attachment.bin>
More information about the Hostap
mailing list