CURLINFO_SSL_ENGINES 不列出 openssl 引擎

CURLINFO_SSL_ENGINES don't list openssl engine

我尝试将引擎 pkcs11 与 curl 一起使用。

首先,我将引擎 pkcs11 添加到 openssl。

int initEngine()
{
    ENGINE_load_builtin_engines();

    ENGINE *e;
    display_engine_list();
    e = ENGINE_by_id("dynamic");
    if(!e)
    {
        return -1;
    }
    if(!ENGINE_ctrl_cmd_string(e, "SO_PATH", ENGINE_SO_PATH, 0))
    {
        return -2;
    }
    if(!ENGINE_ctrl_cmd_string(e, "ID", "pkcs11", 0))
    {
        return -3;
    }
    if(!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "1", 0))
    {
        return -4;
    }
    if(!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 1))
    {
        return -5;
    }
    if(!ENGINE_ctrl_cmd_string(e, "MODULE_PATH", NOM_LIB_CPS_PKCS_V5, 0))
    {
        return -6;
    }
    if(!ENGINE_init(e))
    {
        ENGINE_free(e);
        return -8;
    }
    ENGINE_free(e);

    display_engine_list();
    return 0;
}

这部分有效:

engine 0, id = "rdrand", name = "Intel RDRAND engine"
engine 1, id = "dynamic", name = "Dynamic engine loading support"
engine 2, id = "pkcs11", name = "pkcs11 engine"

然后我想配置 curl 来使用它。

int InitSsl(const char *CACertificat, const char *certificat)
{
    CURLcode res = CURLE_OK;

    if ( NULL != curl )
    {
        struct curl_slist *engines = NULL;

        curl_easy_getinfo(curl, CURLINFO_SSL_ENGINES, &engines);

        for ( ; engines; engines = engines->next)
        {
            fprintf (stderr,"  %s\n", engines->data);
        }
        curl_slist_free_all(engines);


        if ( res == CURLE_OK )
            res = curl_easy_setopt(curl,CURLOPT_SSLVERSION,CURL_SSLVERSION_TLSv1);

        if ( res == CURLE_OK )
            res = curl_easy_setopt(curl,CURLOPT_SSLCERT,certificat);

        if ( res == CURLE_OK )
            res = curl_easy_setopt(curl,CURLOPT_SSLCERTTYPE,"PEM");    

        if ( res == CURLE_OK )
            res = curl_easy_setopt(curl,CURLOPT_SSLKEY,"xxxxxx");

        if ( res == CURLE_OK )
            res = curl_easy_setopt(curl,CURLOPT_SSLKEYTYPE,"ENG");

        if ( res == CURLE_OK )
            res = curl_easy_setopt(curl, CURLOPT_SSLENGINE, "pkcs11");

        if ( res == CURLE_OK )
            res = curl_easy_setopt(curl,CURLOPT_CAINFO, CACertificat);

        if ( res == CURLE_OK )
            res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, true);

        if ( res == CURLE_OK )
            res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2);

        if ( res == CURLE_OK )
            res = curl_easy_setopt(curl, CURLOPT_SSLENGINE_DEFAULT, 1);
    }

    return res;
}

控制台上没有显示引擎。我有错误:

Erreur num  53 : SSL crypto engine not found

似乎引擎没有列出 curl。

当我在命令行上尝试时,我有:

> curl.exe --version
curl 7.60.0 (i386-pc-win32) libcurl/7.60.0 OpenSSL/1.0.2o WinIDN
Release-Date: 2018-05-16
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL HTTPS-proxy

> curl.exe --engine list
Build-time engines:
  <none>

> openssl engine -t
(rdrand) Intel RDRAND engine
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]
(pkcs11) pkcs11 engine
     [ available ]

对于此测试,我使用 openssl 构建了 curl: nmake /f Makefile.vc mode=dll WITH_SSL=dll SSL_PATH=C:\OpenSSL-Win32

如果我安装支持 openssl 的 curl 并将我的引擎设置在 OPENSSL_CONF 文件上,我没有问题。

我的测试是Windows10.

我找到了解决办法。默认情况下 HAVE_OPENSSL_ENGINE_H 未在 config-win32.h 上定义。我已经编辑了这个文件并且它有效。