httpd-dev mailing list archives

From Dr Stephen Henson <shen...@opensslfoundation.com>
Subject Re: svn commit: r1546693 - in /httpd/httpd/trunk: docs/log-message-tags/next-number modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_init.c
Date Sun, 01 Dec 2013 13:05:32 GMT
On 30/11/2013 11:54, Graham Leggett wrote:
> 
> I've picked the pkcs11 support apart in openssl to discover that there are
> really two engines at work, the "dynamic" engine capable of loading engines
> from dynamic libraries, and then the "pkcs11" engine which is just an
> implementation that happens to be (if you use opensc anyway) loadable as a
> dynamic library (this will be obvious to an openssl developer but wasn't
> obvious to me from the documentation I've read to date, which doesn't make
> clear that two engines are at work, or where the one engine begins and the
> other ends).
> 

Well, normally the dynamic ENGINE doesn't matter because it is handled
transparently behind the scenes. If you look up an ENGINE called "pkcs11" it will
first look in its internal table. If that fails it attempts to use the dynamic
ENGINE to load an ENGINE from an appropriate directory with an appropriate name.
The precise location depends on how OpenSSL is configured but it might for
example try to load "/usr/local/ssl/engines/libpkcs11.so". If that fails you get
an error.

It's only if you want to load an ENGINE manually that you have to worry about
the dynamic ENGINE.

Steve.
-- 
Dr Stephen Henson. OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
+1 877-673-6775
shenson@opensslfoundation.com
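
The lookup order described in this message (internal table first, then a shared library loaded from the engines directory) means the fallback file is code the process will load, so it is worth checking who can write to it. The following is an added example, not part of the original message and not OpenSSL code: a small Python model of that order that audits the file the fallback would pick. The `lib<id>.so` naming follows the message's example path; the function names, the set of built-in ids and the temporary directory are constructed assumptions, and the real name and directory depend on the OpenSSL version and build.

```python
import os
import stat
import tempfile

def candidate_path(engine_id, engines_dir):
    # Assumption: naming follows the message's example (lib<id>.so).
    return os.path.join(engines_dir, "lib%s.so" % engine_id)

def audit_engine_lookup(engine_id, builtin_ids, engines_dir):
    """Model the lookup order and report what the dynamic fallback would load."""
    # Step 1: the internal table wins; no file is touched.
    if engine_id in builtin_ids:
        return {"source": "internal", "path": None, "findings": []}
    # Step 2: fall back to a shared library in the engines directory.
    path = candidate_path(engine_id, engines_dir)
    if not os.path.isfile(path):
        # Step 3: nothing to load, so the lookup ends in an error.
        return {"source": "error", "path": path, "findings": ["no such library"]}
    findings = []
    # A library or directory writable by group/other lets another local
    # account replace the code that the process will load.
    for target in (path, engines_dir):
        mode = os.stat(target).st_mode
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append("%s is group/world-writable (%o)"
                            % (target, stat.S_IMODE(mode)))
    return {"source": "dynamic", "path": path, "findings": findings}

def demo():
    # Constructed sample: a temporary directory stands in for the engines
    # directory, and {"rdrand"} stands in for the internal table.
    builtin = {"rdrand"}
    results = {}
    with tempfile.TemporaryDirectory() as d:
        lib = candidate_path("pkcs11", d)
        open(lib, "wb").close()
        os.chmod(d, 0o755)
        os.chmod(lib, 0o644)
        results["builtin"] = audit_engine_lookup("rdrand", builtin, d)
        results["clean"] = audit_engine_lookup("pkcs11", builtin, d)
        os.chmod(lib, 0o666)  # simulate a misconfigured library file
        results["writable"] = audit_engine_lookup("pkcs11", builtin, d)
        results["missing"] = audit_engine_lookup("nosuch", builtin, d)
    return results

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```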
