security/engine_pkcs11 unable to use it

Mel Flynn mel.flynn+fbsd.ports at mailing.thruhere.net
Tue Sep 8 21:14:02 UTC 2009 

Hi,

after installing security/engine_pkcs11, I'm unable to use it.

As per http://www.opensc-project.org/engine_pkcs11/wiki/QuickStart I've 
modified my /etc/ssl/openssl.cnf, yet:
% openssl req -config /etc/ssl/openssl.cnf -engine pkcs11 -new -key id_45 -
keyform engine -out req.pem -text -x509 -subj "/CN=Foo Bar"
invalid engine "pkcs11"
18730:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared 
library:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/dso/dso_dlfcn.c:162:filename(/usr/lib/engines/libpkcs11.so): 
Cannot open "/usr/lib/engines/libpkcs11.so"
18730:error:25070067:DSO support routines:DSO_load:could not load the shared 
library:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/dso/dso_lib.c:244:
18730:error:260B6084:engine routines:DYNAMIC_LOAD:dso not 
found:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_dyn.c:450:
18730:error:2606A074:engine routines:ENGINE_by_id:no such 
engine:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_list.c:415:id=pkcs11
18730:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared 
library:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/dso/dso_dlfcn.c:162:filename(libpkcs11.so): 
Shared object "libpkcs11.so" not found, required by "openssl"
18730:error:25070067:DSO support routines:DSO_load:could not load the shared 
library:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/dso/dso_lib.c:244:
18730:error:260B6084:engine routines:DYNAMIC_LOAD:dso not 
found:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_dyn.c:450:
no engine specified
unable to load Private Key

Also, the file referenced on the quickstart page opensc-pkcs11.so is not 
installed by the port.

Probably the weirdest thing is that I see no evidence of openssl understanding 
the configuration variables, meaning not looking in /usr/local/lib.

For completeness:
openssl.cnf changes:
engines                 = engine_section

[engine_section]
pkcs11                  = pkcs11_section

[pkcs11_section]
engine_id               = pkcs11
dynamic_path            = /usr/local/lib/engines/engine_pkcs11.so
init                    = 0

uname -a
FreeBSD smoochies.rachie.is-a-geek.net 8.0-BETA4 FreeBSD 8.0-BETA4 #14 
r196875M: Mon Sep  7 18:00:45 CEST 2009     mel at smoochies.rachie.is-a-
geek.net:/usr/obj/usr/src/sys/HPDV9000  i386

openssl version (base):
OpenSSL 0.9.8k 25 Mar 2009

How would one get this engine recognized and working and could this 
information be added to a pkg-message?
-- 
Mel

More information about the freebsd-ports mailing list