On Wed, Mar 13, 2019 at 6:20 PM David Woodhouse <dwmw2@xxxxxxxxxxxxx> wrote: > > On Wed, 2019-03-13 at 18:01 -0700, Rosen Penev wrote: > > > My empirical observation is that with OpenSSL 1.1.0g, engines aren't > > > working unless I remove the #ifdef and let ENGINE_load_dynamic() get > > > called. How did you test this, and with which version(s) of OpenSSL? > > > > 1.1.0 and 1.1.1 on OpenWrt. When deprecated APIs are disabled, this > > will not compile. > > But only compile-tested? OpenWrt does not enable ENGINE support by default. So it has been run tested. Yet it has not. > > > From the OpenSSL source, ENGINE_load_dynamic() is only defined when > > deprecated APIs are enabled. It defines to: > > OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL) > > > > looks like an #else section is needed. > > Right. > > > As far as ERR_load_ENGINE_strings() is concerned, this is default in 1.1. > > OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS must be passed to > > OPENSSL_init_crypto to avoid it. > > Yeah, I think that part is fine. It's just that the dynamic engine > doesn't get auto-initialised. > _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
