问题
I'm trying to setup openSSL under Windows 7 to use a vendor specific security module.
From the vendor I got a PKCS#11 API dll (lets say vendor.dll). The PKCS#11 engine has been created according to https://github.com/OpenSC/libp11
As described in the link, for testing, I start
openssl engine pkcs11 -t
but get:
D:\Gateway\openSSL\Win32\Release>openssl engine pkcs11 -t
11020:error:25078067:DSO support routines:WIN32_LOAD:could not load the shared library:.\crypto\dso\dso_win32.c:179:filename(\usr\local\ssl\lib\engines\pkcs11.dll)
11020:error:25070067:DSO support routines:DSO_load:could not load the shared library:.\crypto\dso\dso_lib.c:233:
11020:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:.\crypto\engine\eng_dyn.c:467:
11020:error:2606A074:engine routines:ENGINE_by_id:no such engine:.\crypto\engine\eng_list.c:390:id=pkcs11
The configuration file is:
[engine_section]
pkcs11 = pkcs11_section
[pkcs11_section]
engine_id = pkcs11
dynamic_path = D:\Gateway\libp11\libp11-master\src\pkcs11.dll
MODULE_PATH = D:\Gateway\driver\smgw\Win32\vendor.dll
init = 0
It tries to find the dll in a unix directory \usr\local... It seems, that the content of dynamic path is not evaluated at all, because I can specify whatever there, I get alwys the error message above.
What am I doing wrong?
回答1:
Before the other entries in the config file, you need:
[openssl_def]
engines = engine_section
On the other hand, the following lines are not needed:
engine_id = pkcs11
init = 0
Also check (using, e.g., ldd) that the libraries you reference can actually be loaded. If a lib they depend on cannot be found, the dynamic loader will fail on them and then try to use default library paths such as
/usr/local/ssl/lib/engines/<engine-id>.dll
来源:https://stackoverflow.com/questions/41119744/pkcs11-engine-for-openssl