On Wed, Mar 13, 2019 at 5:48 PM David Woodhouse <dwmw2@xxxxxxxxxxxxx> wrote:
>
> On Wed, 2019-03-13 at 17:40 -0700, Rosen Penev wrote:
> > OPENSSL_init is implicit with OpenSSL 1.1. There's no need to call it
> > unless some non-default setting is needed (not loading error strings
> > for example).
>
> My empirical observation is that with OpenSSL 1.1.0g, engines aren't
> working unless I remove the #ifdef and let ENGINE_load_dynamic() get
> called. How did you test this, and with which version(s) of OpenSSL?

1.1.0 and 1.1.1 on OpenWrt. When deprecated APIs are disabled, this
will not compile.

From the OpenSSL source, ENGINE_load_dynamic() is only defined when
deprecated APIs are enabled. It defines to:

OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL)

looks like an #else section is needed.

As far as ERR_load_ENGINE_strings() is concerned, this is default in
1.1. OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS must be passed to
OPENSSL_init_crypto to avoid it.

>
> With the #ifdef:
>
> ENGINE: Loading dynamic engine
> ENGINE: Loading OpenSC Engine from /home/dwmw/git/openssl_tpm2_engine/.libs/libtpm2.so
> ENGINE: Can't find engine dynamic [error:2606A074:engine routines:ENGINE_by_id:no such engine]
> SSL: Failed to initialize TLS context.
>
> Reverting it:
>
> ENGINE: Loading dynamic engine
> ENGINE: Loading OpenSC Engine from /home/dwmw/git/openssl_tpm2_engine/.libs/libtpm2.so
> ENGINE: engine 'tpm2' is already available
> ENGINE: Loading dynamic engine
> ENGINE: Loading OpenSC Engine from /home/dwmw/git/openssl_tpm2_engine/.libs/libtpm2.so
> ENGINE: engine 'tpm2' is already available

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap