Hi everyone,

The first ENGINE_by_id call (line 730) in tls_engine_load_dynamic_generic is used to check if a certain OpenSSL engine is already loaded:
https://w1.fi/cgit/hostap/tree/src/crypto/tls_openssl.c#n730

This ENGINE_by_id call has a side effect, though: it automatically loads that engine with the default options if the shared object of that engine can be found by OpenSSL. This means that if the autoload succeeds, then this check will always be true and hence this engine can't ever be loaded with the specific options for WPA supplicant as specified in the configuration.

The autoload code in OpenSSL was introduced in 2002 with this commit:
https://github.com/openssl/openssl/commit/aae329c447025eb87dab294d909f9fbc48f7174c

I'm not sure what the best way to fix this issue is, but you'll find a patch proposal at the end that iterates over the available engines instead of using ENGINE_by_id to avoid the engine autoload.

Best,
Michael Schaller

Proposed patch:

--- ./src/crypto/tls_openssl.c.old 2016-05-30 13:35:15.341868226 +0000 +++ ./src/crypto/tls_openssl.c 2016-05-30 16:56:29.880912599 +0000 @@ -617,7 +617,14 @@ ENGINE *engine; const char *dynamic_id = "dynamic"; - engine = ENGINE_by_id(id); + /* + * Check if engine is already loaded. This intentionally doesn't use + * ENGINE_by_id as this would autoload an engine if it isn't loaded yet. + */ + for (engine = ENGINE_get_first(); engine; engine = ENGINE_get_next(engine)) { + if(!strcmp(id, ENGINE_get_id(engine))) + break; + } if (engine) { ENGINE_free(engine); wpa_printf(MSG_DEBUG, "ENGINE: engine '%s' is already "

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
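
Review bot: the added loop leaves via `break` with `engine` still holding the structural reference handed out by ENGINE_get_first()/ENGINE_get_next(), and the only release is the unchanged `ENGINE_free(engine)` in the `if (engine)` branch that follows. The counts balance as written, but the new comment should state that this free pairs with the list reference, so that a later edit to that branch does not introduce a leak or a double free. Style: `if(!strcmp(` should read `if (!strcmp(` to match the context line `if (engine) {`. The hunk header is `@@ -617,7 +617,14 @@` while the message points at line 730 of the linked tree, so the patch appears to be cut against an older copy of tls_openssl.c and should be rebased before it is applied.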