configure wpa_supplicant to work with openssl

Jouni Malinen j at w1.fi
Sat Jun 30 06:42:58 EDT 2012


On Sun, Jun 24, 2012 at 03:07:02PM +0300, moran arx wrote:
> I already looked at these examples of conf file.
> The supplicant loads the enginepkcs11.so but doesnt load myengine.so.
> I investigated the code and couldn't find who suppose to load the module.
> In openssl the function ENGINE_init suppose to load it. but in
> wpa_supplicant no one calls this function.

ENGINE_init() is called from tls_engine_init() in
src/crypto/tls_openssl.c when EAP-TLS is being initialized if the
configuration file has engine=1 like the
wpa_supplicant/examples/openCryptoki.conf example has.

You can see it in the debug log with something like this:

EAP: Status notification: accept proposed method (param=TLS)
EAP: Initialize selected EAP method: vendor 0 method 13 (TLS)
TLS: using phase1 config options
SSL: Initializing TLS engine
unable to load module /usr/lib/opencryptoki/libopencryptoki.so
ENGINE: engine init failed (engine: pkcs11) [error:80001401:PKCS11
library:PKCS11_CTX_load:Unable to load PKCS#11 module]

(I didn't have the opencryptoki package installed, but that error is
from ENGINE_init() which does get called here.).

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list