Proper way to cleanup dynamic engines and can they be loaded twice?
I am having problems loading Engine PKCS #11 as a dynamic engine using python and M2Crypto. I am trying to access an Aladdin USB eToken.
Here are the important steps from my python code:
dynamic = Engine.load_dynamic_engine("pkcs11", "/usr/local/ssl/lib/engines/engine_pkcs11.so")
pkcs11 = Engine.Engine("pkcs11")
pkcs11.ctrl_cmd_string("MODULE_PATH", "/usr/lib/libeTPkcs11.so")
pkcs11.engine_init_custom() # initialize engine with custom M2Crypto patch
# next few steps which I deleted pass password and grab key & cert off token
Engine.cleanup()
This works fine the first time this method gets run. The second time, it fails when loading the dynamic engine (see error below).
Traceback (most recent call last): File "", line 1, in ? File "/usr/local/lib/python2.4/site-packages/M2Crypto/Engine.py", line 98, in load_dynamic_engine e.ctrl_cmd_string("LOAD", None) File "/usr/local/lib/python2.4/site-packages/M2Crypto/Engine.py", line 38, in ctrl_cmd_string raise EngineError(Err.get_error()) M2Crypto.Engine.EngineError: 4002:error:260B606D:engine routines:DYNAMIC_LOAD:init failed:eng_dyn.c:521:
Is it impossible to load engines twice in a python session? Am I missing some kind of engine cleanup/deletion? The OpenSSL docs talk about engine_finish() but I don't think M2Crypto offers that. Is there a method to tell 开发者_开发问答if the engine is already loaded?
Thanks!
M2Crypto does have ENGINE_finish and ENGINE_free available in the svn trunk version. The Engine
class has init
, and finish
methods, and when an instance gets deleted it will be free
'd. Can you give that a try? If you see any issues there is still time to fix them for next release.
My python code displayed nicer than it is in the comment section. The pkcs11.finish() method causes a segmentation fault in M2Crypto revision 723.
dynamic = Engine.load_dynamic_engine("pkcs11", "/usr/local/ssl/lib/engines/engine_pkcs11.so")
pkcs11 = Engine.Engine("pkcs11")
pkcs11.ctrl_cmd_string("MODULE_PATH", "/usr/lib/libeTPkcs11.so")
pkcs11.init()
# next few steps which I deleted pass password and grab key & cert off token
pkcs11.finish()
Engine.cleanup()
Anyone have advice on whether I'm doing something wrong or if there is a problem with the M2Crypto code?
精彩评论