Added handling of CURLINFO_SSL_ENGINES;

Added Curl_SSL_engines_list(), cleanup SSL in url.c
(no HAVE_OPENSSL_x etc.).

lib/ssluse.c

@@ -482,6 +482,77 @@ void Curl_SSL_Close(struct connectdata *conn)
 }
 #endif
 
+
+/* Selects an OpenSSL crypto engine
+ */
+CURLcode Curl_SSL_set_engine(struct SessionHandle *data, const char *engine)
+{
+#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
+  ENGINE *e = ENGINE_by_id(engine);
+
+  if (!e) {
+    failf(data, "SSL Engine '%s' not found", engine);
+    return (CURLE_SSL_ENGINE_NOTFOUND);
+  }
+
+  if (data->engine) {
+    ENGINE_finish(data->engine);
+    ENGINE_free(data->engine);
+  }
+  data->engine = NULL;
+  if (!ENGINE_init(e)) {
+    ENGINE_free(e);
+    failf(data, "Failed to initialise SSL Engine '%s'", engine);
+    return (CURLE_SSL_ENGINE_INITFAILED);
+  }
+  data->engine = e;
+  return (CURLE_OK);
+#else
+  failf(data, "SSL Engine not supported");
+  return (CURLE_SSL_ENGINE_NOTFOUND);
+#endif
+}
+
+/* Sets above engine as default for all SSL operations
+ */
+CURLcode Curl_SSL_set_engine_default(struct SessionHandle *data)
+{
+#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
+  if (data->engine) {
+    if (ENGINE_set_default(data->engine, ENGINE_METHOD_ALL) > 0) {
+      infof(data,"set default crypto engine %s\n", data->engine);
+    }
+    else {
+      failf(data, "set default crypto engine %s failed", data->engine);
+      return CURLE_SSL_ENGINE_SETFAILED;
+    }
+  }
+#else
+  (void) data;
+#endif
+  return (CURLE_OK);
+}
+
+/* Build the list of OpenSSL crypto engine names. Add to
+ * linked list at data->engine_list.
+ */
+CURLcode Curl_SSL_engines_list(struct SessionHandle *data)
+{
+#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
+  ENGINE *e;
+
+  /* Free previous list */
+  if (data->engine_list)
+    curl_slist_free_all(data->engine_list);
+
+  data->engine_list = NULL;
+  for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+    data->engine_list = curl_slist_append(data->engine_list, ENGINE_get_id(e));
+#endif
+  return (CURLE_OK);
+}
+
+
 #ifdef USE_SSLEAY
 
 /*
@@ -620,11 +691,15 @@ int Curl_SSL_Close_All(struct SessionHandle *data)
     free(data->state.session);
   }
 #ifdef HAVE_OPENSSL_ENGINE_H
-  if(data->engine)
+  if(data->engine) {
-  {
+    ENGINE_finish(data->engine);
     ENGINE_free(data->engine);
     data->engine = NULL;
   }
+  if (data->engine_list)
+    curl_slist_free_all(data->engine_list);
+  data->engine_list = NULL;
+
 #endif
   return 0;
 }
@@ -1483,3 +1558,4 @@ Curl_SSLConnect(struct connectdata *conn,
 #endif
   return retcode;
 }
+

lib/ssluse.h

@@ -35,4 +35,14 @@ void Curl_SSL_Close(struct connectdata *conn); /* close a SSL connection */
 /* tell the SSL stuff to close down all open information regarding
    connections (and thus session ID caching etc) */
 int Curl_SSL_Close_All(struct SessionHandle *data);
+
+/* Sets an OpenSSL engine */
+CURLcode Curl_SSL_set_engine(struct SessionHandle *data, const char *engine);
+
+/* Sets above engine as default for all SSL operations */
+CURLcode Curl_SSL_set_engine_default(struct SessionHandle *data);
+
+/* Build list of OpenSSL engines */
+CURLcode Curl_SSL_engines_list(struct SessionHandle *data);
+
 #endif

lib/strerror.c

@@ -200,6 +200,9 @@ curl_easy_strerror(CURLcode error)
   case CURLE_SSL_ENGINE_SETFAILED:
     return "can not set SSL crypto engine as default";
 
+  case CURLE_SSL_ENGINE_INITFAILED:
+    return "failed to initialise SSL crypto engine";
+
   case CURLE_SEND_ERROR:
     return "failed sending data to the peer";
 

lib/url.c

@@ -97,9 +97,6 @@ void idn_free (void *ptr); /* prototype from idn-free.h, not provided by
 #endif
 #endif
 
-#ifdef HAVE_OPENSSL_ENGINE_H
-#include <openssl/engine.h>
-#endif
 #include "urldata.h"
 #include "netrc.h"
 
@@ -1150,45 +1147,15 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, ...)
      * String that holds the SSL crypto engine.
      */
     argptr = va_arg(param, char *);
-    if (argptr && argptr[0]) {
+    if (argptr && argptr[0])
-#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
+       result = Curl_SSL_set_engine(data, argptr);
-      ENGINE *e = ENGINE_by_id(argptr);
-      if (e) {
-        if (data->engine) {
-          ENGINE_free(data->engine);
-        }
-        data->engine = e;
-      }
-      else {
-        failf(data, "SSL Engine '%s' not found", argptr);
-        result = CURLE_SSL_ENGINE_NOTFOUND;
-      }
-#else
-      failf(data, "SSL Engine not supported");
-      result = CURLE_SSL_ENGINE_NOTFOUND;
-#endif
-    }
     break;
 
   case CURLOPT_SSLENGINE_DEFAULT:
     /*
      * flag to set engine as default.
      */
-#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
+    result = Curl_SSL_set_engine_default(data);
-    if (data->engine) {
-      if (ENGINE_set_default(data->engine, ENGINE_METHOD_ALL) > 0) {
-#ifdef DEBUG
-        fprintf(stderr,"set default crypto engine\n");
-#endif
-      }
-      else {
-#ifdef DEBUG
-        failf(data, "set default crypto engine failed");
-#endif
-        return CURLE_SSL_ENGINE_SETFAILED;
-      }
-    }
-#endif
     break;
   case CURLOPT_CRLF:
     /*

lib/urldata.h

@@ -975,6 +975,7 @@ struct SessionHandle {
   struct PureInfo info;        /* stats, reports and info data */
 #if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
   ENGINE *engine;
+  struct curl_slist *engine_list; /* list of names from ENGINE_get_id() */
 #endif /* USE_SSLEAY */
 };