Adjustments to 32406 per review

When we are failing because of a lack of a _required_ engine, note
that the engine was "required".

When engines are disabled, any required engine should cause a
failure.

diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.c b/src/lib/crypt_ops/crypto_openssl_mgt.c
index d7a3e0692ba90d04ff87c2056be0042691d5302d..f028422acb5c19ca57763176e652ec648fbd1b2e 100644 (file)
--- a/src/lib/crypt_ops/crypto_openssl_mgt.c
+++ b/src/lib/crypt_ops/crypto_openssl_mgt.c
@@ -290,6 +290,11 @@ crypto_openssl_init_engines(const char *accelName,
   (void)accelName;
   (void)accelDir;
   log_warn(LD_CRYPTO, "No OpenSSL hardware acceleration support enabled.");
+  if (accelName && accelName[0] == '!') {
+    log_warn(LD_CRYPTO, "Unable to load required dynamic OpenSSL engine "
+             "\"%s\".", accelName+1);
+    return -1;
+  }
   return 0;
 #else
   ENGINE *e = NULL;
@@ -312,7 +317,8 @@ crypto_openssl_init_engines(const char *accelName,
       e = ENGINE_by_id(accelName);
     }
     if (!e) {
-      log_warn(LD_CRYPTO, "Unable to load dynamic OpenSSL engine \"%s\".",
+      log_warn(LD_CRYPTO, "Unable to load %sdynamic OpenSSL engine \"%s\".",
+               required?"required ":"",
                accelName);
       if (required)
         return -1;

diff --git a/src/test/conf_examples/crypto_accel_req/error b/src/test/conf_examples/crypto_accel_req/error
index 7fab0c8dad9c55a660929892008486791898af5b..e12e002915ac9a8a06e309e0d6cc88afd431fa87 100644 (file)
--- a/src/test/conf_examples/crypto_accel_req/error
+++ b/src/test/conf_examples/crypto_accel_req/error
@@ -1 +1 @@
-Unable to load dynamic OpenSSL engine "nonexistent_chartreuse_accelerator"
+Unable to load required dynamic OpenSSL engine "nonexistent_chartreuse_accelerator"