On Fri, Apr 24, 2020 at 9:07 AM Nicola Tuveri <nic.tuv@xxxxxxxxx> wrote: > At https://wiki.openssl.org/index.php/OpenSSL_3.0#Providers there was already an example of how to do this programmatically, and a link to the manpage for the config file syntax. That's not working for me: Failed to load Legacy provider: error:25000067:DSO support routines::could not load the shared library /home/sam/w/core/tls/./node[26693]: ../../src/node_crypto.cc:6804:void node::crypto::InitCryptoOnce(): Assertion `"Unreachable code reached"' failed. 1: 0x557630598d84 node::Abort() [/home/sam/w/core/tls/./node] From: /* Load Multiple providers into the default (NULL) library context */ auto legacy = OSSL_PROVIDER_load(0, "legacy"); if (legacy == nullptr) { unsigned long err = ERR_get_error(); fprintf(stderr, "Failed to load Legacy provider: %s\n", ERR_error_string(err, nullptr)); UNREACHABLE(); } auto deflt = OSSL_PROVIDER_load(0, "default"); if (deflt == nullptr) { unsigned long err = ERR_get_error(); fprintf(stderr, "Failed to load Default provider: %s\n", ERR_error_string(err, nullptr)); OSSL_PROVIDER_unload(legacy); UNREACHABLE(); } I notice that the legacy.so isn't in the same folder as the other .so files, so I tried: LD_LIBRARY_PATH=/usr/local/stow/openssl-3.0.0-alpha1/lib:/usr/local/stow/openssl-3.0.0-alpha1/lib/ossl-modules But that didn't work. It looks like adding this did work: OSSL_PROVIDER_set_default_search_path(0, "/usr/local/stow/openssl-3.0.0-alpha1/lib/ossl-modules"); What are the default values? I built with prefix set to /usr/local, but then installed to the DESTDIR directory above, is that what caused me trouble? Cheers, Sam > I just added also a minimal config file example to load both the default and the legacy provider in the default library context. > > > Cheers, > > Nicola > > On Fri, 24 Apr 2020 at 17:56, Sam Roberts <vieuxtech@xxxxxxxxx> wrote: >> >> On Fri, Apr 24, 2020 at 1:05 AM Matt Caswell <matt@xxxxxxxxxxx> wrote: >> > This one is interesting: >> > >> > ERR_OSSL_EVP_FETCH_FAILED >> > >> > >> > This means that the algorithm you are trying to use isn't available in >> > the loaded providers. Since you should be getting the default provider >> > loaded automatically it could be because some legacy algorithms were >> > moved to the legacy provider (MD2, MD4, MDC2, RMD160, CAST5, BF >> > (Blowfish), IDEA, SEED, RC2, RC4, RC5 and DES (but not 3DES)). If you're >> > using something from that list then that would explain it. >> >> Can we add the legacy provider, via configuration, or via code?
