On Wed, 2019-03-13 at 18:01 -0700, Rosen Penev wrote: > > My empirical observation is that with OpenSSL 1.1.0g, engines aren't > > working unless I remove the #ifdef and let ENGINE_load_dynamic() get > > called. How did you test this, and with which version(s) of OpenSSL? > > 1.1.0 and 1.1.1 on OpenWrt. When deprecated APIs are disabled, this > will not compile. But only compile-tested? > From the OpenSSL source, ENGINE_load_dynamic() is only defined when > deprecated APIs are enabled. It defines to: > OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL) > > looks like an #else section is needed. Right. > As far as ERR_load_ENGINE_strings() is concerned, this is default in 1.1. > OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS must be passed to > OPENSSL_init_crypto to avoid it. Yeah, I think that part is fine. It's just that the dynamic engine doesn't get auto-initialised.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
