Message ID | 2a4c7e4096a54e0134bfba6011dcc178cc2af586.camel@infradead.org |
---|---|
State | Accepted |
Headers | show |
Series | [v3] Fix ENGINE support with OpenSSL 1.1+ | expand |
On Sun, Apr 28, 2019 at 09:56:34PM +0300, David Woodhouse wrote: > Commit 373c7969485 ("OpenSSL: Fix compile with OpenSSL 1.1.0 and > deprecated APIs") removed a call to ENGINE_load_dynamic() for newer > versions of OpenSSL, asserting that it should happen automatically. > > That appears not to be the case, and loading engines now fails because > the dynamic engine isn't present. > > Fix it by calling ENGINE_load_builtin_engines(), which works for all > versions of OpenSSL. Also remove the call to ERR_load_ENGINE_strings() > because that should have happened when SSL_load_error_strings() is > called anyway. Thanks, applied.
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c index 705fa29a3..c996ea562 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c @@ -1033,11 +1033,8 @@ void * tls_init(const struct tls_config *conf) } #ifndef OPENSSL_NO_ENGINE - wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine"); -#if OPENSSL_VERSION_NUMBER < 0x10100000L - ERR_load_ENGINE_strings(); - ENGINE_load_dynamic(); -#endif /* OPENSSL_VERSION_NUMBER */ + wpa_printf(MSG_DEBUG, "ENGINE: Loading builtin engines"); + ENGINE_load_builtin_engines(); if (conf && (conf->opensc_engine_path || conf->pkcs11_engine_path ||