Victor Wagner wrote:
- Under Unix systems stunnel doesn't provide a UI_METHOD for
ENGINE_load_private_key. It passes NULL there and the engine complains that no user interface is provided.
Done.
OpenSSL UI objects have two methods to pass arbitrary pointers along:
- generic ex_data based macros UI_set_app_data/UI_get_app_data
- UI-specific UI_add_user_data/UI_get0_user_data
[cut]
All engines shipped with OpenSSL (ones which do provide load_private_key method) use UI_add_user_data to pass data to the callback.
Ok. I'll switch to UI_add_user_data/UI_get0_user_data. That's the way it's implemented in openssl-1.0.0a/apps/apps.c. I assume OpenSSL authors believe it's safe. AFAIK UI_set_app_data/UI_get_app_data is currently undocumented in OpenSSL.
/* if set_app_Data hasn't returned anything */
if (!ui_data) ui_data=UI_get0_user_data(ui);
This heuristic doesn't look reliable. If app_data is used by an engine then it could contain arbitrary garbage instead of NULL. Did I miss anything?
Thus it would work even with really broken engines which do not pass userdata from ENGINE_load_private_key to UI callbacks at all.
I guess that would break default tests built into OpenSSL.
Mike