This is a discussion on Re: engine format keys - modssl ; > > Ah, right. You'll also need to ensure that the initialisation order all= ows > > the engine to be properly initialised (including maybe some control > > commands to prepare anything the engine needs) *before* the key is ...
> > Ah, right. You'll also need to ensure that the initialisation order all=
> > the engine to be properly initialised (including maybe some control
> > commands to prepare anything the engine needs) *before* the key is
> > loaded. I have a vague recollection that this isn't the case? Though I
> > could be wide of the mark here.
> I think init of the engine may be ok, but I'm not sure where my
> problem lies right now. Maybe in password input, or somewhere else...
Yep, passphrase entry is at least part of the problem with calling
ENGINE_load_private_key. After a few different attempts, I'm a bit
stumped. The load key call wants a UI* passed to it, which eventually
has UI_process() called on it by the engine. I've tried various ways
of stuffing the modssl_read_bio_cb_fn pointer and the server rec into
this structure, with a custom flush function which'd get called by
UI_process. I haven't been able to test this approach yet, since it
appears that openssl's UI_STRING and UI_METHOD structs aren't declared
in a way that works in ui.h. For instance, any mention of
sizeof(UI_STRING) brings an incomplete type error. Any help would be
appreciated, I may not be using the ui interface correctly.
> > > Ahh, I see. Thanks for the info. I guess the next step is to poke
> > > the apache2 guys for openssl 0.9.8 support. I did try compiling 2.1
> > > beta with it without luck.
> > I'd suggest you contact Joe Orton - in fact he's probably on this list
> > too. If the 2.1 beta (and/or cvs HEAD) don't properly handle 0.9.8, the=
> > there's a problem.
> Yep, I was wrong about this.. I'm working on 2.1.8 right now which
> compiles fine. I'll post when I can narrow down the problem any more.
> Thanks for the help,
IBM LTC Security Dev.
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List firstname.lastname@example.org
Automated List Manager email@example.com