Hello...

I am experiencing the exact problem described in ticket #1242
(http://rt.openssl.org/Ticket/Display.html?id=1242) with 0.9.8e and
0.9.8g. The ticket claims that this was fixed, but that doesn't seem to
be the case.

If I launch OpenSSL with no parameters, then the first command run at
the OpenSSL> prompt will work normally. Any subsequent command produces
the following error:

Error configuring OpenSSL
7244:error:26078067:engine routines:ENGINE_LIST_ADD:conflicting engine
id:eng_list.c:116:
7244:error:2606906E:engine routines:ENGINE_add:internal list
error:eng_list.c:288:
7244:error:260B6067:engine routines:DYNAMIC_LOAD:conflicting engine
id:eng_dyn.c:540:
7244:error:0E07606D:configuration file routines:MODULE_RUN:module
initialization error:conf_mod.c:234:module=engines,
value=engine_section, retcode=-1
error in engine

This occurs using the stock RedHat packages on RHEL5 (x86_64), as well
as a built-from-source version of 0.9.8g on the same system.

My openssl.cnf file contains the following (everything below this is
stock/default as installed from a 'make install'):

===========================================================================
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#

# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd

openssl_conf = openssl_init

[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section

[ engine_section ]
LunaCA3 = luna_section

[ luna_section ]
dynamic_path = /usr/local/ssl/lib/engines/liblunaca3.so
init = 0

# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)

[ new_oids ]

# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6

####################################################################
[ ca ]
default_ca = CA_default # The default ca section
===========================================================================


My rather quick and poor solution to this problem was to modify
conf_mod.c (0.9.8g) as follows, but there's probably a better way to do
it:
===========================================================================
diff -ruN a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
--- a/crypto/conf/conf_mod.c 2007-09-06 05:43:49.000000000 -0700
+++ b/crypto/conf/conf_mod.c 2008-01-11 15:13:30.000000000 -0700
@@ -58,6 +58,7 @@

#include
#include
+#include
#include
#include "cryptlib.h"
#include
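Review bot: the added #include in this hunk, like the context #include lines around it, shows no header name, and further down the module_load_dso prototype and the strcmp condition are broken across lines, so the patch will not apply as posted. Please resend it as an attachment so the header names and long lines survive.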
@@ -119,6 +120,8 @@
static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char
*value,

unsigned long flags);

+int engines_already_loaded=0;
+
/* Main function: load modules from a CONF structure */

int CONF_modules_load(const CONF *cnf, const char *appname,
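Review bot: engines_already_loaded is declared at file scope without static, so it becomes a global symbol of the library rather than a private detail of conf_mod.c; "static int engines_already_loaded = 0;" would keep it local. It is also read and written with no locking, which matters if CONF_modules_load can be reached from more than one thread.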
@@ -153,10 +156,20 @@
for (i = 0; i < sk_CONF_VALUE_num(values); i++)
{
vl = sk_CONF_VALUE_value(values, i);
- ret = module_run(cnf, vl->name, vl->value, flags);
+ if (!(strcmp(vl->name, "engines")) &&
engines_already_loaded)
+ ret = 1;
+ else
+ ret = module_run(cnf, vl->name, vl->value,
flags);
if (ret <= 0)
+ {
if(!(flags & CONF_MFLAGS_IGNORE_ERRORS))
return ret;
+ }
+ else
+ {
+ if(!(strcmp(vl->name, "engines")))
+ engines_already_loaded = 1;
+ }
}

return 1;
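Review bot: once engines_already_loaded is set, the strcmp(vl->name, "engines") branch forces ret = 1 on every later call, whatever cnf is passed in, so an engines section from a different or edited configuration is skipped and reported as success. Nothing in the visible lines clears the flag, so it also stays set after the modules are unloaded. Consider resetting it where the modules are unloaded, or tolerating the duplicate engine id at the point the engine is added instead of skipping the whole module by name.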
===========================================================================

--
Ryan

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org
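An added example, not part of the original message or of OpenSSL: a small Python parser for the error queue quoted in the report, which rejoins the mail-wrapped records and splits each packed error code into its library, function and reason numbers. The sample text is copied from the report with the ":D" in "routines:DYNAMIC_LOAD" restored; the function names (unwrap, decode, parse, root_cause) are hypothetical.

```python
import re

# Constructed from the report's error output, keeping the mailer's hard wraps.
REPORTED = """\
7244:error:26078067:engine routines:ENGINE_LIST_ADD:conflicting engine
id:eng_list.c:116:
7244:error:2606906E:engine routines:ENGINE_add:internal list
error:eng_list.c:288:
7244:error:260B6067:engine routines:DYNAMIC_LOAD:conflicting engine
id:eng_dyn.c:540:
7244:error:0E07606D:configuration file routines:MODULE_RUN:module
initialization error:conf_mod.c:234:module=engines,
value=engine_section, retcode=-1
"""

ENTRY = re.compile(
    r"(?P<pid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]+):(?P<func>[^:]+):"
    r"(?P<reason>[^:]+):(?P<file>[^:]+):(?P<line>\d+):(?P<data>.*)"
)

def unwrap(text):
    """Rejoin wrapped records; a new record always starts with '<pid>:error:'."""
    records = []
    for line in text.splitlines():
        if re.match(r"\d+:error:", line):
            records.append(line.strip())
        elif records:  # continuation of the previous record
            records[-1] += " " + line.strip()
    return records

def decode(code_hex):
    """Split a packed code using the 8/12/12-bit ERR_PACK layout (0.9.8 to 1.1.1)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def parse(text):
    """Return one dict per queue entry, with the numeric fields decoded."""
    out = []
    for rec in unwrap(text):
        m = ENTRY.fullmatch(rec)
        if m:
            lib, func, reason = decode(m["code"])
            out.append({**m.groupdict(), "lib_no": lib, "func_no": func, "reason_no": reason})
    return out

def root_cause(entries):
    """The queue is printed oldest first, so the first entry is where it started."""
    return entries[0] if entries else None
```

Run over the report's output, the first and third entries carry the same reason number, showing the dynamic engine loader failing for the same cause as the engine list insert beneath it.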