Timo Sirainen wrote:
On Mon, 2011-11-21 at 23:49 +0100, Martin Preen wrote:
# /usr/sfw/bin/openssl engine (pkcs11) PKCS #11 engine support
ENGINE_set_default_RSA(e); ENGINE_set_default_DSA(e); ENGINE_set_default_ciphers(e);
in ssl_proxy_init() and inserting ENGINE_cleanup(); in ssl_proxy_deinit() the crypto device gets used. I'm sure that this is not the whole story since this only seems to affect the IMAP login. It should work for POP3 as well, all of the SSL code is shared. I couldn't find the EncryptUpdate call which has to be changed too (due to the howto documents). Maybe some other call needs e patch. But I don't know which.
What EncryptUpdate?.. I've anyway added the engine init/deinit calls in your email to v2.1 hg. Lets hope it works :) At least it didn't break when I tried it with "dynamic" value (which is the only engine my OpenSSL supports).
Probably I'm wrong (I have no experience with SSL programming). I thught the EncryptUpdate was necessary for the encoding of the SSL data stream. But maybe there has to be a link between engine initialization and the SSL contexts ?
Martin
Martin Preen, Universität Freiburg, Institut für Informatik Georges-Koehler-Allee 52, Raum EG-006, 79110 Freiburg, Germany
phone: ++49 761 203-8250 preen@informatik.uni-freiburg.de fax: ++49 761 203-8242 swt.informatik.uni-freiburg.de/~preen