I have a config file, "/etc/ssl/openssl.cnf". This config file gives the
details of an engine to use for random number generation. I know that this
config file is well-formed because I have confirmed that it uses my engine
when I try to use the "openssl" utility at the command line to generate a
random number.
I have been able to determine though that some other programs which link
with "libssl.so" are NOT using my engine.
Since I already know that my
config file is well-formed, I can only conclude that these other programs
are initialising the OpenSSL library as follows:
OPENSSL_noconfig();
So in order to make sure that every program that links with "libssl.so"
actually uses my engine, I think I need to go into the OpenSSL source code and
replace the OPENSSL_noconfig function like this:
int OPENSSL_config(void)
{
return OPENSSL_config();
}
Can anyone think of any other ideas to ensure that "libssl.so" always uses
the engine specified in the config file?
