I'm trying to use stunnel with the SSL Hardware Engine patch (posted by Neil Dunbar to this mailing list in March) on Windows.
I apply the patch to the 4.05 codebase and build stunnel with MinGW. I'm able to use stunnel normally without exercising any hardware engine functionality. This tells me that the basics are working.
I then run stunnel with the config file containing the following kinds of hardware engine parameters:
SSLEngine=c:\windows\system32\engine_pkcs11.dll
SSLEngineOpt=MODULE_PATH=c:\windows\system32\acpkcs201.dll
But when I run stunnel, I get errors with dynamic library loading like:
error stack: 260B6084 : error:260B6084:engine routines:DYNAMIC_LOAD:dso not found
And similar errors like that. This gives me the impression that I haven't linked stunnel properly on Windows to be able to use OpenSSL dynamic libraries. Or perhaps some other explanation that I don't understand :-)
Is it possible to compile stunnel on Windows (either with MinGW or with Visual C++) to be able to use the hardware engine patch? Any pointers/assistance would be greatly appreciated.
Thanks,
-Kartik
Hi Diarmuid,
I saw your response to my message, but I'm not sure what to make of it :-)
The problem is not that I don't have the patch -- I do have the patch and have been able to apply it to the code. (BTW the patch that you posted seems to be missing the SSLEngineOpt parameter in Neil Dunbar's patch, which is required for opensc's engine_pkcs11.dll for specifying the vendor-specific PKCS11 library).
My problem is that stunnel doesn't seem to be able to have OpenSSL dynamically load the engine DLL. If someone can tell me how to compile stunnel to do this on Windows, or if someone has been able to compile stunnel with the hardware engine patch successfully on Windows and is willing to share, that'd be great.
Thanks,
-Kartik
Kartik Subbarao wrote: [...]
But when I run stunnel, I get errors with dynamic library loading like:
error stack: 260B6084 : error:260B6084:engine routines:DYNAMIC_LOAD:dso not found
Ok -- I got past this particular issue (I needed to add more options and make an allowance for the LOAD command not having an argument).
But now I've run into another issue. stunnel on Windows is a GUI app, but the OpenSC engine_pkcs11.dll needs to prompt for the SmartCard PIN as a text input. When I run stunnel, it just goes into an infinite loop (most likely because the OpenSC code has an infinite loop where it prompts for the PIN until it gets it).
I'll ask the OpenSC folks for advice from their side, but I was wondering if there was any way, as a workaround, to disable the GUI and just make stunnel run interactively on the command line on Windows.
Thanks for any suggestions.
-Kartik
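An added example, not code from the stunnel patch or from the poster, showing one way to handle engine options where a command such as LOAD carries no argument: split each option at the first '=' and pass a NULL argument for bare commands. The names `ctrl_fn`, `split_engine_opt`, `apply_engine_opts` and `print_ctrl` are hypothetical, and the callback stands in for OpenSSL's ENGINE_ctrl_cmd_string() so the block builds without OpenSSL.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical callback type; a real build would wrap OpenSSL's
 * ENGINE_ctrl_cmd_string(e, cmd, arg, 0), which returns 1 on success. */
typedef int (*ctrl_fn)(const char *cmd, const char *arg, void *ctx);

/* Split "NAME=VALUE" at the first '=' only. A bare "NAME" yields
 * *arg == NULL. Returns 0 on success, -1 if the name is empty or too long. */
int split_engine_opt(const char *opt, char *cmd, size_t cmdlen, const char **arg)
{
    const char *eq = strchr(opt, '=');
    size_t n = eq ? (size_t)(eq - opt) : strlen(opt);
    if (n == 0 || n >= cmdlen)
        return -1;
    memcpy(cmd, opt, n);
    cmd[n] = '\0';
    *arg = eq ? eq + 1 : NULL; /* no '=': argument-less command such as LOAD */
    return 0;
}

/* Pass each option to fn in order, stopping at the first failure.
 * Returns the number of commands applied, or -1 on error. */
int apply_engine_opts(const char *const *opts, int count, ctrl_fn fn, void *ctx)
{
    char cmd[64];
    const char *arg;
    int i;
    for (i = 0; i < count; i++)
        if (split_engine_opt(opts[i], cmd, sizeof cmd, &arg) != 0 ||
            fn(cmd, arg, ctx) != 1)
            return -1;
    return count;
}

/* Stand-in for the OpenSSL call: prints what would be sent to the engine. */
static int print_ctrl(const char *cmd, const char *arg, void *ctx)
{
    (void)ctx;
    printf("%s -> %s\n", cmd, arg ? arg : "(NULL)");
    return 1;
}

int main(void)
{
    /* Constructed sample using the paths from the post. */
    const char *const opts[] = {
        "SO_PATH=c:\\windows\\system32\\engine_pkcs11.dll", "LOAD",
        "MODULE_PATH=c:\\windows\\system32\\acpkcs201.dll" };
    return apply_engine_opts(opts, 3, print_ctrl, NULL) == 3 ? 0 : 1;
}
```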
Just FYI, I was able to get past this issue as well by setting a custom reader with UI_method_set_reader(). If anyone is curious I can provide more details. Once I get some more time, I will try to see if I can work up a reasonable patch for general use.
-Kartik
stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users