From owner-freebsd-ports@FreeBSD.ORG Wed Sep 9 10:10:38 2009 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 801D01065676; Wed, 9 Sep 2009 10:10:38 +0000 (UTC) (envelope-from mel.flynn+fbsd.ports@mailing.thruhere.net) Received: from mailhub.rachie.is-a-geek.net (rachie.is-a-geek.net [66.230.99.27]) by mx1.freebsd.org (Postfix) with ESMTP id 268998FC16; Wed, 9 Sep 2009 10:10:38 +0000 (UTC) Received: from smoochies.rachie.is-a-geek.net (mailhub.rachie.is-a-geek.net [192.168.2.11]) by mailhub.rachie.is-a-geek.net (Postfix) with ESMTP id A44DA7E821; Wed, 9 Sep 2009 02:10:49 -0800 (AKDT) From: Mel Flynn To: freebsd-ports@freebsd.org Date: Wed, 9 Sep 2009 12:10:35 +0200 User-Agent: KMail/1.11.4 (FreeBSD/8.0-BETA4; KDE/4.2.4; i386; ; ) References: <200909082313.59252.mel.flynn+fbsd.ports@mailing.thruhere.net> <200909091127.52592.mel.flynn+fbsd.ports@mailing.thruhere.net> <4AA7792B.4090601@FreeBSD.org> In-Reply-To: <4AA7792B.4090601@FreeBSD.org> MIME-Version: 1.0 Content-Type: Text/Plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200909091210.35307.mel.flynn+fbsd.ports@mailing.thruhere.net> Cc: Alex Dupre Subject: Re: security/engine_pkcs11 unable to use it X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Sep 2009 10:10:38 -0000 On Wednesday 09 September 2009 11:45:15 Alex Dupre wrote: > Mel Flynn ha scritto: > >> Mel Flynn ha scritto: > >>> As per http://www.opensc-project.org/engine_pkcs11/wiki/QuickStart I've > >>> modified my /etc/ssl/openssl.cnf, yet: > >> > >> Can you try the command-line alternative? > > > > OpenSSL> engine -t dynamic -pre > > SO_PATH:/usr/local/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre > > LIST_ADD:1 -pre LOAD -pre > > MODULE_PATH:/usr/local/lib/engines/engine_pkcs11.so (dynamic) Dynamic > > engine loading support > > [Success]: SO_PATH:/usr/local/lib/engines/engine_pkcs11.so > > [Success]: ID:pkcs11 > > [Success]: LIST_ADD:1 > > [Success]: LOAD > > [Success]: MODULE_PATH:/usr/local/lib/engines/engine_pkcs11.so > > Loaded: (pkcs11) pkcs11 engine > > unable to load module /usr/local/lib/engines/engine_pkcs11.so > > [ unavailable ] > > Ops, I didn't notice it before, but which PKCS11 token are you using? > This is the engine, MODULE_PATH must address a criptoki library. Aha! Maybe patch below is an idea? OpenSSL> engine -t dynamic -pre SO_PATH:/usr/local/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/local/lib/opensc-pkcs11.so (dynamic) Dynamic engine loading support [Success]: SO_PATH:/usr/local/lib/engines/engine_pkcs11.so [Success]: ID:pkcs11 [Success]: LIST_ADD:1 [Success]: LOAD [Success]: MODULE_PATH:/usr/local/lib/opensc-pkcs11.so Loaded: (pkcs11) pkcs11 engine --- security/engine_pkcs11/Makefile.orig 2009-08-05 22:28:40.000000000 +0200 +++ security/engine_pkcs11/Makefile 2009-09-09 12:01:51.000000000 +0200 @@ -33,4 +33,8 @@ ${WRKSRC}/Makefile.in ${WRKSRC}/doc/Makefile.in .endif +post-install: + @${ECHO_MSG} "You will need a criptoki library to use the engine." + @${ECHO_MSG} "One is provided by security/opensc" + .include -- Mel