security/engine_pkcs11 unable to use it
Mel Flynn
mel.flynn+fbsd.ports at mailing.thruhere.net
Tue Sep 8 21:14:02 UTC 2009
Hi,
after installing security/engine_pkcs11, I'm unable to use it.
As per http://www.opensc-project.org/engine_pkcs11/wiki/QuickStart I've
modified my /etc/ssl/openssl.cnf, yet:
% openssl req -config /etc/ssl/openssl.cnf -engine pkcs11 -new -key id_45 -
keyform engine -out req.pem -text -x509 -subj "/CN=Foo Bar"
invalid engine "pkcs11"
18730:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared
library:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/dso/dso_dlfcn.c:162:filename(/usr/lib/engines/libpkcs11.so):
Cannot open "/usr/lib/engines/libpkcs11.so"
18730:error:25070067:DSO support routines:DSO_load:could not load the shared
library:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/dso/dso_lib.c:244:
18730:error:260B6084:engine routines:DYNAMIC_LOAD:dso not
found:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_dyn.c:450:
18730:error:2606A074:engine routines:ENGINE_by_id:no such
engine:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_list.c:415:id=pkcs11
18730:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared
library:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/dso/dso_dlfcn.c:162:filename(libpkcs11.so):
Shared object "libpkcs11.so" not found, required by "openssl"
18730:error:25070067:DSO support routines:DSO_load:could not load the shared
library:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/dso/dso_lib.c:244:
18730:error:260B6084:engine routines:DYNAMIC_LOAD:dso not
found:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_dyn.c:450:
no engine specified
unable to load Private Key
Also, the file referenced on the quickstart page opensc-pkcs11.so is not
installed by the port.
Probably the weirdest thing is that I see no evidence of openssl understanding
the configuration variables, meaning not looking in /usr/local/lib.
For completeness:
openssl.cnf changes:
engines = engine_section
[engine_section]
pkcs11 = pkcs11_section
[pkcs11_section]
engine_id = pkcs11
dynamic_path = /usr/local/lib/engines/engine_pkcs11.so
init = 0
uname -a
FreeBSD smoochies.rachie.is-a-geek.net 8.0-BETA4 FreeBSD 8.0-BETA4 #14
r196875M: Mon Sep 7 18:00:45 CEST 2009 mel at smoochies.rachie.is-a-
geek.net:/usr/obj/usr/src/sys/HPDV9000 i386
openssl version (base):
OpenSSL 0.9.8k 25 Mar 2009
How would one get this engine recognized and working and could this
information be added to a pkg-message?
--
Mel
More information about the freebsd-ports
mailing list