OpenVPN: OpenSSL error: cannot load engine 'padlock'
-
I'm not sure, if this is already the new imageโฆI just tried it:
2.1-BETA1 (i386) built on Fri Jan 25 22:52:45 EST 2013 FreeBSD 8.3-RELEASE-p5
Still no working OpenVPN with padlock enabled.
-
Same error? Different error?
-
I still get the same error.
-
ok, I think I see what it is now, it didn't copy all of the package version's files to the image, so it's missing the .so files for the other engines. I'll fix that shortly.
-
OK the next new image to go up should have the fixes.
It's not up yet, it will take ~3-4 hours to build and upload.
-
New image is up now.
-
Upgraded to the latest built (2.1-BETA1 (i386) built on Sat Jan 26 10:18:38 EST 2013 FreeBSD 8.3-RELEASE-p5):
โฆ
openvpn[18810]: Initializing OpenSSL support for engine 'padlock
โฆIt works again ย :)
Thanx jimp & MatSim for the fast fix. You guys doing an amazing work!
-
@MatSim:
Thank you Jim for your efforts, if things work fine with padlock, I'd like to make a PR to the port maintainer concerning the messed up naming of the padlock patches you had to override in the openssl port.
It doesn't seem many people use padlock -ย otherwise that would have been fixed upstream already. ;-)Feel free to push that one up to FreeBSD. It was a simple fix, rename the patches and "make makesum" to update the checksum/names.
I guess nobody goes out of their way to use the ports openssl+padlock, but it does work with the base version so people probably just use that.
-
Done, for the reference: http://www.freebsd.org/cgi/query-pr.cgi?pr=175622
-
In addition to the other fixes I made, I just added some smarter code to the openvpn engine option that does better checking for not just the engines on the system but also which engines are actually usable.
That way if something like this were to happen in the future, the VPN wouldn't have failed, it just would not have used the padlock engine.
