[PATCH v2] Fix ENGINE support with OpenSSL 1.1+

David Woodhouse dwmw2 at infradead.org
Thu Apr 4 03:45:13 PDT 2019


On Thu, 2019-04-04 at 12:38 +0200, Andrej Shadura wrote:
> Hi David,
> 
> On Thu, 14 Mar 2019 at 18:25, David Woodhouse <dwmw2 at infradead.org> wrote:
> > 
> > Commit 373c7969485 ("OpenSSL: Fix compile with OpenSSL 1.1.0 and
> > deprecated APIs") removed a call to ENGINE_load_dynamic() for newer
> > versions of OpenSSL, asserting that it should happen automatically.
> > 
> > That appears not to be the case, and loading engines now fails because
> > the dynamic engine isn't present.
> > 
> > Fix it by calling ENGINE_load_builtin_engines(), which works for all
> > versions of OpenSSL. Also remove the call to ERR_load_ENGINE_strings()
> > because that should have happened when SSL_load_error_strings() is
> > called anyway.
> > 
> > Signed-off-by: David Woodhouse <dwmw2 at infradead.org>
> > 
> > diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
> > index 705fa29a3..ee7ed7c9b 100644
> > @@ -1034,10 +1034,7 @@ void * tls_init(const struct tls_config *conf)
> 
> I’m not sure you noticed, but your patch is slightly malformed
> (missing ---/+++ lines), meaning some (but not all) patch parsers will
> accept it but others will not.

Ah, thanks. I think that happened because I edited out some debugging
cruft from the patch, and took too much out. Will fix the trivial
detail about the debug message that Rosen pointed out, and post a v3.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5174 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20190404/d13f2ed2/attachment.bin>


More information about the Hostap mailing list