When using OpenSSL via the command-line, I am able to change the default engine by setting my
openssl.cnf (see Sample code below). I now want to change the default engine while using the EVP API, ideally by changing a config file.
The larger context is that I am using a Go wrapper around EVP, which supports neither setting the engine globally nor setting the engine for signing/verifying (the only operations I care about). I am investigating options (e.g. using cgo to set the engine globally or forking the library) involving code changes, but it would be ideal if I could avoid them.
EVP does not seem to read the config file and I can't find/understand documentation online on whether this is possible or not. Is the configuration file automatically loaded (and I'm just doing it wrong?) or do I need to do something like call OPENSSL_INIT_LOAD_CONFIG?
openssl_conf = openssl_def [openssl_def] engines = engine_section [engine_section] pkcs11 = pkcs11_section [pkcs11_section] engine_id = pkcs11 dynamic_path = /usr/local/Cellar/engine_pkcs11/0.1.8/lib/engines/engine_pkcs11.so MODULE_PATH = /usr/local/Cellar/opensc/0.19.0/lib/pkcs11/opensc-pkcs11.so PIN = "123456" init = 0
$ openssl engine (rdrand) Intel RDRAND engine (dynamic) Dynamic engine loading support (pkcs11) pkcs11 engine