"We don't "totally ignore" any docs, but we sometimes totally fail to find the docs we should've read." OpenSSL has some of the worst documentation on the web. Don't worry about it.

Viega, Messier, and Chandra's "Network Security with OpenSSL" is the book I use most often (I try not to bother with the docs). http://shop.oreilly.com/product/9780596002701.do.

An example of initialization can be found at http://wiki.openssl.org/index.php/Libcrypto_API. It was written by a fellow named Matt who is good about checking his work. Initializing should be as simple as calling OPENSSL_config(). OPENSSL_config(), in turn, calls OPENSSL_load_builtin_modules() and ENGINE_load_builtin_engines(). See, for example, http://www.opensource.apple.com/source/OpenSSL098/OpenSSL098-35.1/src/crypto/conf/conf_sap.c.

An example of loading the Intel RDRAND engine is given at http://wiki.openssl.org/index.php/Random_Numbers#Hardware. Its a simple program, and does not call any additional configuration functions. That is, it avoids OPENSSL_config() which avoids ENGINE_load_builtin_engines().

---
** [bugs:#1208] curl is unable to load non-default openssl engines**
**Status:** closed-later
**Labels:** openssl 
**Created:** Mon Mar 25, 2013 12:18 AM UTC by drook
**Last Updated:** Sat Jun 22, 2013 08:25 PM UTC
**Owner:** Daniel Stenberg
curl is unable to load non-default openssl engines, because openssl isn't initialized properly - curl ignores the openssl configutration file. for example curl cannot load ccgost engine, provided since 1.0.0:
    # /usr/local/openssl/bin/openssl engine
    (rsax) RSAX engine support
    (rdrand) Intel RDRAND engine
    (dynamic) Dynamic engine loading support
    (gost) Reference implementation of GOST engine
    # ldd /usr/local/curl/bin/curl
        linux-vdso.so.1 =>  (0x00007fff0c9ff000)
        libcurl.so.4 => /usr/local/curl/lib/libcurl.so.4 (0x00007fb5f1f17000)
        libz.so.1 => /usr/lib/libz.so.1 (0x00007fb5f1d00000)
        librt.so.1 => /lib/librt.so.1 (0x00007fb5f1af7000)
        libc.so.6 => /lib/libc.so.6 (0x00007fb5f1795000)
        libssl.so.1.0.0 => /usr/local/openssl/lib/libssl.so.1.0.0 (0x00007fb5f152c000)
        libcrypto.so.1.0.0 => /usr/local/openssl/lib/libcrypto.so.1.0.0 (0x00007fb5f1151000)
        libpthread.so.0 => /lib/libpthread.so.0 (0x00007fb5f0f35000)
        /lib64/ld-linux-x86-64.so.2 (0x00007fb5f2178000)
        libdl.so.2 => /lib/libdl.so.2 (0x00007fb5f0d31000)
    # /usr/local/curl/bin//curl --engine list
    Build-time engines:
      rsax
      rdrand
      dynamic
"It is strongly recommended that all new applications call OPENSSL_config() or the more sophisticated functions such as CONF_modules_load() during initialization (that is before starting any threads). By doing this an application does not need to keep track of all configuration options and some new functionality can be supported automatically." - curl totally ignores this openssl note.
The patch provided fixes the issue.
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.