Background
When using OpenSSL via the command-line, I am able to change the default engine by setting my openssl.cnf (see Sample code below). I now want to change the default engine while using the EVP API, ideally by changing a config file.
The larger context is that I am using a Go wrapper around EVP, which supports neither setting the engine globally nor setting the engine for signing/verifying (the only operations I care about). I am investigating options (e.g. using cgo to set the engine globally or forking the library) involving code changes, but it would be ideal if I could avoid them.
Issue
EVP does not seem to read the config file and I can't find/understand documentation online on whether this is possible or not. Is the configuration file automatically loaded (and I'm just doing it wrong?) or do I need to do something like call OPENSSL_INIT_LOAD_CONFIG?
Sample code
    openssl_conf = openssl_def

    [openssl_def]
    engines = engine_section

    [engine_section]
    pkcs11 = pkcs11_section

    [pkcs11_section]
    engine_id = pkcs11
    dynamic_path = /usr/local/Cellar/engine_pkcs11/0.1.8/lib/engines/engine_pkcs11.so
    MODULE_PATH = /usr/local/Cellar/opensc/0.19.0/lib/pkcs11/opensc-pkcs11.so
    PIN = "123456"
    init = 0

    $ openssl engine
    (rdrand) Intel RDRAND engine
    (dynamic) Dynamic engine loading support
    (pkcs11) pkcs11 engine