From branch OpenSSL_0_9_8-stable: Allow soft-loading engines.

Also, fix CHANGES (consistency with stable branch).

diff --git a/CHANGES b/CHANGES
index 208ff318e5b03e93af7ad4d7bfab358516954bf1..e8d45736c6bf0f4a609f90d43307599395950c5a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -703,13 +703,7 @@
   *) Change 'Configure' script to enable Camellia by default.
      [NTT]
 
-  *) Fix bug in X509_ATTRIBUTE creation: dont set attribute using
-     ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain
-     attribute creation routines such as certifcate requests and PKCS#12
-     files.
-     [Steve Henson]
-
- Changes between 0.9.8h and 0.9.8i  [xx XXX xxxx]
+ Changes between 0.9.8h and 0.9.8i  [15 Sep 2008]
 
   *) Fix a state transitition in s3_srvr.c and d1_srvr.c
      (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
@@ -741,6 +735,10 @@
 
      [Neel Mehta, Bodo Moeller]
 
+  *) Allow engines to be "soft loaded" - i.e. optionally don't die if
+     the load fails. Useful for distros.
+     [Ben Laurie and the FreeBSD team]
+
   *) Add support for Local Machine Keyset attribute in PKCS#12 files.
      [Steve Henson]
 
@@ -759,11 +757,11 @@
      This work was sponsored by Logica.
      [Steve Henson]
 
->>> Note: this change doesn't apply to the 0.9.9-dev branch (yet).
-  *) Allow engines to be "soft loaded" - i.e. optionally don't die if
-     the load fails. Useful for distros.
-     [Ben Laurie and the FreeBSD team]
-<<<
+  *) Fix bug in X509_ATTRIBUTE creation: dont set attribute using
+     ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain
+     attribute creation routines such as certifcate requests and PKCS#12
+     files.
+     [Steve Henson]
 
  Changes between 0.9.8g and 0.9.8h  [28 May 2008]
 

diff --git a/apps/openssl.c b/apps/openssl.c
index 8323b5965959bfc12597cd49b3f7cd0885ff1bff..5d61d171cab3be8d4147a382450a7ef6447f240d 100644 (file)
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -272,9 +272,21 @@ int main(int Argc, char *Argv[])
        i=NCONF_load(config,p,&errline);
        if (i == 0)
                {
-               NCONF_free(config);
-               config = NULL;
-               ERR_clear_error();
+               if (ERR_GET_REASON(ERR_peek_last_error())
+                   == CONF_R_NO_SUCH_FILE)
+                       {
+                       BIO_printf(bio_err,
+                                  "WARNING: can't open config file: %s\n",p);
+                       ERR_clear_error();
+                       NCONF_free(config);
+                       config = NULL;
+                       }
+               else
+                       {
+                       ERR_print_errors(bio_err);
+                       NCONF_free(config);
+                       exit(1);
+                       }
                }
 
        prog=prog_init();

diff --git a/crypto/engine/eng_cnf.c b/crypto/engine/eng_cnf.c
index a97e01e619ff024d7e3c45a52e2b98dee195aba6..afd6b6f8c7f991c4396db1790159f4da3e3b219b 100644 (file)
--- a/crypto/engine/eng_cnf.c
+++ b/crypto/engine/eng_cnf.c
@@ -98,6 +98,8 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
        CONF_VALUE *ecmd;
        char *ctrlname, *ctrlvalue;
        ENGINE *e = NULL;
+       int soft = 0;
+
        name = skip_dot(name);
 #ifdef ENGINE_CONF_DEBUG
        fprintf(stderr, "Configuring engine %s\n", name);
@@ -125,6 +127,8 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
                /* Override engine name to use */
                if (!strcmp(ctrlname, "engine_id"))
                        name = ctrlvalue;
+               else if (!strcmp(ctrlname, "soft_load"))
+                       soft = 1;
                /* Load a dynamic ENGINE */
                else if (!strcmp(ctrlname, "dynamic_path"))
                        {
@@ -147,6 +151,11 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
                        if (!e)
                                {
                                e = ENGINE_by_id(name);
+                               if (!e && soft)
+                                       {
+                                       ERR_clear_error();
+                                       return 1;
+                                       }
                                if (!e)
                                        return 0;
                                }