wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/apps
History
David Woodhouse 0a72002993 Call ENGINE_init() before trying to use keys from engine 
When I said before that s_client "used to work in 1.0.2" that was only
partly true. It worked for engines which provided a default generic
method for some key type, because it called ENGINE_set_default() and
that ended up being an implicit initialisation and functional refcount.

But an engine which doesn't provide generic methods doesn't get initialised,
and then when you try to use it you get an error:

cannot load client certificate private key file from engine
140688147056384:error:26096075:engine routines:ENGINE_load_private_key:not initialised:crypto/engine/eng_pkey.c:66:
unable to load client certificate private key file

cf. https://github.com/OpenSC/libp11/issues/107 (in which we discover
that engine_pkcs11 *used* to provide generic methods that OpenSSL would
try to use for ephemeral DH keys when negotiating ECDHE cipher suites in
TLS, and that didn't work out very well.)

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1639)
2016-09-28 12:15:17 -04:00
..
demoCA
demoSRP
app_rand.c cherry pick pr-512 changes 2016-05-29 13:36:59 -04:00
apps.c Call ENGINE_init() before trying to use keys from engine 2016-09-28 12:15:17 -04:00
apps.h Refactor to avoid unnecessary preprocessor logic 2016-09-15 23:24:06 +02:00
asn1pars.c Constify char* input parameters in apps code 2016-08-17 17:09:19 +01:00
build.info Simplify INCLUDE statements in build.info files 2016-07-01 18:36:08 +02:00
ca-cert.srl
ca-key.pem Fix verify(1) to report failure when verification fails 2016-01-13 17:55:17 -05:00
ca-req.pem Fix verify(1) to report failure when verification fails 2016-01-13 17:55:17 -05:00
ca.c Fix some magic values about revocation info type... 2016-09-13 11:42:57 -04:00
CA.pl.in perl: Separate compile-time environment from runtime environment 2016-07-04 15:40:31 +02:00
cert.pem
ciphers.c Add missing break statement 2016-06-14 11:21:44 +01:00
client.pem Replace expired test server and client certificates with new ones. 2011-12-08 14:44:05 +00:00
cms.c Remove an option related to a deprecated flag 2016-09-19 21:21:38 -04:00
crl.c Fix various missing option help messages ... 2016-09-19 21:21:38 -04:00
crl2p7.c Avoid a double-free in crl2pl7 2016-06-14 11:27:10 +01:00
ct_log_list.cnf GH1536: Install empty CT log list 2016-09-14 18:22:33 -04:00
dgst.c RT3669: dgst can only sign/verify one file. 2016-09-20 15:47:55 -04:00
dh1024.pem Update Diffie-Hellman parameters to IANA standards 2016-05-03 10:32:01 -04:00
dh2048.pem Update Diffie-Hellman parameters to IANA standards 2016-05-03 10:32:01 -04:00
dh4096.pem Update Diffie-Hellman parameters to IANA standards 2016-05-03 10:32:01 -04:00
dhparam.c Deal with the consequences of constifying getters 2016-06-15 20:09:27 +02:00
dsa-ca.pem Fix verify(1) to report failure when verification fails 2016-01-13 17:55:17 -05:00
dsa-pca.pem Fix verify(1) to report failure when verification fails 2016-01-13 17:55:17 -05:00
dsa.c Simplify and add help about OPT_PVK* options 2016-08-17 17:09:19 +01:00
dsa512.pem
dsa1024.pem
dsap.pem
dsaparam.c Deal with the consequences of constifying getters 2016-06-15 20:09:27 +02:00
ec.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
ecparam.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
enc.c Fix double calls to strlen 2016-07-20 01:35:38 -04:00
engine.c Have 'openssl engine' exit with non-zero when some engine fails to load 2016-08-04 16:57:49 +02:00
errstr.c Remove "lockit" from internal error-hash function 2016-08-04 14:23:08 -04:00
gendsa.c Fix various missing option help messages ... 2016-09-19 21:21:38 -04:00
genpkey.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
genrsa.c Deal with the consequences of constifying getters 2016-06-15 20:09:27 +02:00
nseq.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
ocsp.c Fix various missing option help messages ... 2016-09-19 21:21:38 -04:00
openssl-vms.cnf RT3809: basicConstraints is critical 2016-06-13 09:18:22 -04:00
openssl.c Add -Wswitch-enum 2016-09-22 08:36:26 -04:00
openssl.cnf RT3809: basicConstraints is critical 2016-06-13 09:18:22 -04:00
opt.c Allow proxy certs to be present when verifying a chain 2016-06-20 21:34:37 +02:00
passwd.c Rather than one variable for each passwd type, use one enum variable 2016-09-14 18:02:29 +02:00
pca-cert.srl
pca-key.pem Fix verify(1) to report failure when verification fails 2016-01-13 17:55:17 -05:00
pca-req.pem Fix verify(1) to report failure when verification fails 2016-01-13 17:55:17 -05:00
pkcs7.c Fix various missing option help messages ... 2016-09-19 21:21:38 -04:00
pkcs8.c Fix various missing option help messages ... 2016-09-19 21:21:38 -04:00
pkcs12.c Support broken PKCS#12 key generation. 2016-08-25 11:43:40 +01:00
pkey.c Support for traditional format private keys. 2016-05-23 16:41:34 +01:00
pkeyparam.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
pkeyutl.c Constify char* input parameters in apps code 2016-08-17 17:09:19 +01:00
prime.c Ensure BIGNUM is freed in an error path 2016-06-01 14:51:36 +01:00
privkey.pem
progs.h Make update, etc. 2016-08-05 11:19:33 -04:00
progs.pl Fix output text to avoid gratuitious git diff 2016-08-04 14:29:55 -04:00
rand.c Fix some RAND bugs 2016-06-01 10:45:18 -04:00
rehash.c Add -h and -help for c_rehash script and app 2016-09-14 08:59:48 -04:00
req.c Clarify the error messages in 08f6ae5b28 2016-08-24 14:49:40 +01:00
req.pem
rsa.c Trust RSA_check_key() to return correct values 2016-08-24 14:31:05 +01:00
rsa8192.pem
rsautl.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
s512-key.pem
s512-req.pem
s1024key.pem
s1024req.pem
s_apps.h Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
s_cb.c Constify certificate and CRL time routines. 2016-08-19 18:40:55 +01:00
s_client.c Restore '-keyform engine' support for s_client 2016-09-28 12:15:17 -04:00
s_server.c Fix no-ocsp 2016-09-19 15:08:58 +02:00
s_socket.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
s_time.c Relocalise some globals variables 2016-08-17 17:09:19 +01:00
server.pem Replace expired test server and client certificates with new ones. 2011-12-08 14:44:05 +00:00
server.srl
server2.pem Replace expired test server and client certificates with new ones. 2011-12-08 14:44:05 +00:00
sess_id.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
smime.c Remove an option related to a deprecated flag 2016-09-19 21:21:38 -04:00
speed.c Fix loopargs_t object duplication into ASYNC context 2016-08-22 15:03:51 +01:00
spkac.c Fix various missing option help messages ... 2016-09-19 21:21:38 -04:00
srp.c Code factorisation and simplification 2016-07-20 01:35:38 -04:00
testCA.pem
testdsa.h Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
testrsa.h Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
timeouts.h Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
ts.c Add -Wswitch-enum 2016-09-22 08:36:26 -04:00
tsget.in perl: Separate compile-time environment from runtime environment 2016-07-04 15:40:31 +02:00
verify.c Constify char* input parameters in apps code 2016-08-17 17:09:19 +01:00
version.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
vms_decc_init.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
vms_term_sock.c Reformat to fit OpenSSL source code standards 2016-09-15 23:24:06 +02:00
vms_term_sock.h Reformat to fit OpenSSL source code standards 2016-09-15 23:24:06 +02:00
win32_init.c Windows: UTF-8 opt-in for command-line arguments and console input. 2016-08-25 11:56:28 +01:00
x509.c Fix various missing option help messages ... 2016-09-19 21:21:38 -04:00