From owner-freebsd-ports@FreeBSD.ORG Tue Sep 8 21:14:02 2009 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5FD54106566C; Tue, 8 Sep 2009 21:14:02 +0000 (UTC) (envelope-from mel.flynn+fbsd.ports@mailing.thruhere.net) Received: from mailhub.rachie.is-a-geek.net (rachie.is-a-geek.net [66.230.99.27]) by mx1.freebsd.org (Postfix) with ESMTP id EBC7E8FC17; Tue, 8 Sep 2009 21:14:01 +0000 (UTC) Received: from smoochies.rachie.is-a-geek.net (mailhub.rachie.is-a-geek.net [192.168.2.11]) by mailhub.rachie.is-a-geek.net (Postfix) with ESMTP id 87E5A7E818; Tue, 8 Sep 2009 13:14:13 -0800 (AKDT) From: Mel Flynn To: freebsd-ports@freebsd.org Date: Tue, 8 Sep 2009 23:13:59 +0200 User-Agent: KMail/1.11.4 (FreeBSD/8.0-BETA4; KDE/4.2.4; i386; ; ) MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200909082313.59252.mel.flynn+fbsd.ports@mailing.thruhere.net> Cc: Maintainer Subject: security/engine_pkcs11 unable to use it X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Sep 2009 21:14:02 -0000 Hi, after installing security/engine_pkcs11, I'm unable to use it. As per http://www.opensc-project.org/engine_pkcs11/wiki/QuickStart I've modified my /etc/ssl/openssl.cnf, yet: % openssl req -config /etc/ssl/openssl.cnf -engine pkcs11 -new -key id_45 - keyform engine -out req.pem -text -x509 -subj "/CN=Foo Bar" invalid engine "pkcs11" 18730:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/dso/dso_dlfcn.c:162:filename(/usr/lib/engines/libpkcs11.so): Cannot open "/usr/lib/engines/libpkcs11.so" 18730:error:25070067:DSO support routines:DSO_load:could not load the shared library:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/dso/dso_lib.c:244: 18730:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_dyn.c:450: 18730:error:2606A074:engine routines:ENGINE_by_id:no such engine:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_list.c:415:id=pkcs11 18730:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/dso/dso_dlfcn.c:162:filename(libpkcs11.so): Shared object "libpkcs11.so" not found, required by "openssl" 18730:error:25070067:DSO support routines:DSO_load:could not load the shared library:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/dso/dso_lib.c:244: 18730:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_dyn.c:450: no engine specified unable to load Private Key Also, the file referenced on the quickstart page opensc-pkcs11.so is not installed by the port. Probably the weirdest thing is that I see no evidence of openssl understanding the configuration variables, meaning not looking in /usr/local/lib. For completeness: openssl.cnf changes: engines = engine_section [engine_section] pkcs11 = pkcs11_section [pkcs11_section] engine_id = pkcs11 dynamic_path = /usr/local/lib/engines/engine_pkcs11.so init = 0 uname -a FreeBSD smoochies.rachie.is-a-geek.net 8.0-BETA4 FreeBSD 8.0-BETA4 #14 r196875M: Mon Sep 7 18:00:45 CEST 2009 mel@smoochies.rachie.is-a- geek.net:/usr/obj/usr/src/sys/HPDV9000 i386 openssl version (base): OpenSSL 0.9.8k 25 Mar 2009 How would one get this engine recognized and working and could this information be added to a pkg-message? -- Mel