CURLINFO_SSL_ENGINES 不列出 openssl 引擎
CURLINFO_SSL_ENGINES don't list openssl engine
我尝试将引擎 pkcs11 与 curl 一起使用。
首先,我将引擎 pkcs11 添加到 openssl。
int initEngine()
{
ENGINE_load_builtin_engines();
ENGINE *e;
display_engine_list();
e = ENGINE_by_id("dynamic");
if(!e)
{
return -1;
}
if(!ENGINE_ctrl_cmd_string(e, "SO_PATH", ENGINE_SO_PATH, 0))
{
return -2;
}
if(!ENGINE_ctrl_cmd_string(e, "ID", "pkcs11", 0))
{
return -3;
}
if(!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "1", 0))
{
return -4;
}
if(!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 1))
{
return -5;
}
if(!ENGINE_ctrl_cmd_string(e, "MODULE_PATH", NOM_LIB_CPS_PKCS_V5, 0))
{
return -6;
}
if(!ENGINE_init(e))
{
ENGINE_free(e);
return -8;
}
ENGINE_free(e);
display_engine_list();
return 0;
}
这部分有效:
engine 0, id = "rdrand", name = "Intel RDRAND engine"
engine 1, id = "dynamic", name = "Dynamic engine loading support"
engine 2, id = "pkcs11", name = "pkcs11 engine"
然后我想配置 curl 来使用它。
int InitSsl(const char *CACertificat, const char *certificat)
{
CURLcode res = CURLE_OK;
if ( NULL != curl )
{
struct curl_slist *engines = NULL;
curl_easy_getinfo(curl, CURLINFO_SSL_ENGINES, &engines);
for ( ; engines; engines = engines->next)
{
fprintf (stderr," %s\n", engines->data);
}
curl_slist_free_all(engines);
if ( res == CURLE_OK )
res = curl_easy_setopt(curl,CURLOPT_SSLVERSION,CURL_SSLVERSION_TLSv1);
if ( res == CURLE_OK )
res = curl_easy_setopt(curl,CURLOPT_SSLCERT,certificat);
if ( res == CURLE_OK )
res = curl_easy_setopt(curl,CURLOPT_SSLCERTTYPE,"PEM");
if ( res == CURLE_OK )
res = curl_easy_setopt(curl,CURLOPT_SSLKEY,"xxxxxx");
if ( res == CURLE_OK )
res = curl_easy_setopt(curl,CURLOPT_SSLKEYTYPE,"ENG");
if ( res == CURLE_OK )
res = curl_easy_setopt(curl, CURLOPT_SSLENGINE, "pkcs11");
if ( res == CURLE_OK )
res = curl_easy_setopt(curl,CURLOPT_CAINFO, CACertificat);
if ( res == CURLE_OK )
res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, true);
if ( res == CURLE_OK )
res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2);
if ( res == CURLE_OK )
res = curl_easy_setopt(curl, CURLOPT_SSLENGINE_DEFAULT, 1);
}
return res;
}
控制台上没有显示引擎。我有错误:
Erreur num 53 : SSL crypto engine not found
似乎引擎没有列出 curl。
当我在命令行上尝试时,我有:
> curl.exe --version
curl 7.60.0 (i386-pc-win32) libcurl/7.60.0 OpenSSL/1.0.2o WinIDN
Release-Date: 2018-05-16
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL HTTPS-proxy
> curl.exe --engine list
Build-time engines:
<none>
> openssl engine -t
(rdrand) Intel RDRAND engine
[ available ]
(dynamic) Dynamic engine loading support
[ unavailable ]
(pkcs11) pkcs11 engine
[ available ]
对于此测试,我使用 openssl 构建了 curl:
nmake /f Makefile.vc mode=dll WITH_SSL=dll SSL_PATH=C:\OpenSSL-Win32
如果我安装支持 openssl 的 curl 并将我的引擎设置在 OPENSSL_CONF 文件上,我没有问题。
我的测试是Windows10.
我找到了解决办法。默认情况下 HAVE_OPENSSL_ENGINE_H 未在 config-win32.h 上定义。我已经编辑了这个文件并且它有效。
我尝试将引擎 pkcs11 与 curl 一起使用。
首先,我将引擎 pkcs11 添加到 openssl。
int initEngine()
{
ENGINE_load_builtin_engines();
ENGINE *e;
display_engine_list();
e = ENGINE_by_id("dynamic");
if(!e)
{
return -1;
}
if(!ENGINE_ctrl_cmd_string(e, "SO_PATH", ENGINE_SO_PATH, 0))
{
return -2;
}
if(!ENGINE_ctrl_cmd_string(e, "ID", "pkcs11", 0))
{
return -3;
}
if(!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "1", 0))
{
return -4;
}
if(!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 1))
{
return -5;
}
if(!ENGINE_ctrl_cmd_string(e, "MODULE_PATH", NOM_LIB_CPS_PKCS_V5, 0))
{
return -6;
}
if(!ENGINE_init(e))
{
ENGINE_free(e);
return -8;
}
ENGINE_free(e);
display_engine_list();
return 0;
}
这部分有效:
engine 0, id = "rdrand", name = "Intel RDRAND engine"
engine 1, id = "dynamic", name = "Dynamic engine loading support"
engine 2, id = "pkcs11", name = "pkcs11 engine"
然后我想配置 curl 来使用它。
int InitSsl(const char *CACertificat, const char *certificat)
{
CURLcode res = CURLE_OK;
if ( NULL != curl )
{
struct curl_slist *engines = NULL;
curl_easy_getinfo(curl, CURLINFO_SSL_ENGINES, &engines);
for ( ; engines; engines = engines->next)
{
fprintf (stderr," %s\n", engines->data);
}
curl_slist_free_all(engines);
if ( res == CURLE_OK )
res = curl_easy_setopt(curl,CURLOPT_SSLVERSION,CURL_SSLVERSION_TLSv1);
if ( res == CURLE_OK )
res = curl_easy_setopt(curl,CURLOPT_SSLCERT,certificat);
if ( res == CURLE_OK )
res = curl_easy_setopt(curl,CURLOPT_SSLCERTTYPE,"PEM");
if ( res == CURLE_OK )
res = curl_easy_setopt(curl,CURLOPT_SSLKEY,"xxxxxx");
if ( res == CURLE_OK )
res = curl_easy_setopt(curl,CURLOPT_SSLKEYTYPE,"ENG");
if ( res == CURLE_OK )
res = curl_easy_setopt(curl, CURLOPT_SSLENGINE, "pkcs11");
if ( res == CURLE_OK )
res = curl_easy_setopt(curl,CURLOPT_CAINFO, CACertificat);
if ( res == CURLE_OK )
res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, true);
if ( res == CURLE_OK )
res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2);
if ( res == CURLE_OK )
res = curl_easy_setopt(curl, CURLOPT_SSLENGINE_DEFAULT, 1);
}
return res;
}
控制台上没有显示引擎。我有错误:
Erreur num 53 : SSL crypto engine not found
似乎引擎没有列出 curl。
当我在命令行上尝试时,我有:
> curl.exe --version
curl 7.60.0 (i386-pc-win32) libcurl/7.60.0 OpenSSL/1.0.2o WinIDN
Release-Date: 2018-05-16
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL HTTPS-proxy
> curl.exe --engine list
Build-time engines:
<none>
> openssl engine -t
(rdrand) Intel RDRAND engine
[ available ]
(dynamic) Dynamic engine loading support
[ unavailable ]
(pkcs11) pkcs11 engine
[ available ]
对于此测试,我使用 openssl 构建了 curl: nmake /f Makefile.vc mode=dll WITH_SSL=dll SSL_PATH=C:\OpenSSL-Win32
如果我安装支持 openssl 的 curl 并将我的引擎设置在 OPENSSL_CONF 文件上,我没有问题。
我的测试是Windows10.
我找到了解决办法。默认情况下 HAVE_OPENSSL_ENGINE_H 未在 config-win32.h 上定义。我已经编辑了这个文件并且它有效。