[pkg-opensc-maint] Bug#1079985: Enabling pkcs11 engine makes openssl req operations fail
Paweł Bogusławski
pawel.boguslawski at ib.pl
Thu Aug 29 09:51:18 BST 2024
Package: libengine-pkcs11-openssl
Version: 0.4.12-0.1
In Debian 12 when /etc/ssl/openssl.cnf contains PKCS#11 config like
described on
https://github.com/OpenSC/libp11#using-the-engine-from-the-command-line
generating CSR throws an error
root at myhost:~/tmp# openssl req -new -sha256 -subj '/CN=test at example.com'
-key ./key.pem -out ./csr.pem
4097CD77667F0000:error:03000093:digital envelope
routines:default_check:command not
supported:../crypto/evp/ctrl_params_translate.c:329:
No such error if engines=engine_section line is commented out in
/etc/ssl/openssl.cnf
No such error when patch
https://github.com/OpenSC/libp11/commit/f546a81067f9093b43d725fe52a14a5929574bb0.patch
from
https://github.com/OpenSC/libp11/issues/456
is applied to 0.4.12-0.1 sources.
--
Regards,
Paweł Bogusławski
E: pawel.boguslawski at ib.pl
More information about the pkg-opensc-maint
mailing list