Closed
Description
I did this
Full steps to reproduce problem:
- Build GOST engine for openssl 1.1.1
$ mkdir /tmp/testgostengine/
$ git clone -b openssl_1_1_1 --single-branch https://github.com/gost-engine/engine /tmp/testgostengine/
$ mkdir /tmp/testgostengine/build/; cd /tmp/testgostengine/build/
$ cmake --configure .
$ cmake --build . --config Release
- Write minimal config
$ cat /tmp/testgostengine/example.conf | sed 's|dynamic_path = ./bin/gost.so|dynamic_path = /tmp/testgostengine/bin/gost.so|g' > /tmp/testgostengine/openssl.conf
- Use it to connect to test host
$ OPENSSL_CONF=/tmp/testgostengine/openssl.conf curl --insecure --head https://tlsgost-2001.cryptopro.ru/
Output of command
$ OPENSSL_CONF=/tmp/testgostengine/openssl.conf curl --insecure 'https://tlsgost-2001.cryptopro.ru/'
GOST engine already loaded
<!DOCTYPE html>
<html>
<head>
<title>Welcome to Crypto-Pro tls server!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to Crypto-Pro tls server!</h1>
<p> TLS connection with id-GostR3410-2001-CryptoPro-XchA-ParamSet no auth requred.</p>
</body>
</html>
And in this output we have a problem: the line GOST engine already loaded. Is it a problem with OpenSSL being initialized twice in curl? For example, if I don't use curl and fetch with only PHP and OpenSSL like this, I don't get this error:
Test php script:
$ cat << 'EOF' > /tmp/testgostengine/test.php
<?php
$mySSLContext = array(
"ssl" => array(
"verify_peer" => false,
"verify_peer_name" => false,
),
);
print_r(file_get_contents("https://tlsgost-2001.cryptopro.ru/", false, stream_context_create($mySSLContext)));
EOF
Output:
$ OPENSSL_CONF=/tmp/testgostengine/openssl.conf php /tmp/testgostengine/test.php
<!DOCTYPE html>
<html>
<head>
<title>Welcome to Crypto-Pro tls server!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to Crypto-Pro tls server!</h1>
<p> TLS connection with id-GostR3410-2001-CryptoPro-XchA-ParamSet no auth requred.</p>
</body>
</html>
No GOST engine already loaded error.
I expected the following
$ OPENSSL_CONF=/tmp/testgostengine/openssl.conf curl --insecure 'https://tlsgost-2001.cryptopro.ru/'
<!DOCTYPE html>
<html>
<head>
<title>Welcome to Crypto-Pro tls server!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to Crypto-Pro tls server!</h1>
<p> TLS connection with id-GostR3410-2001-CryptoPro-XchA-ParamSet no auth requred.</p>
</body>
</html>
curl/libcurl version
$ curl -V
curl 7.73.0 (x86_64-pc-linux-gnu) libcurl/7.73.0 OpenSSL/1.1.1h zlib/1.2.11 zstd/1.4.5 libidn2/2.3.0 libpsl/0.21.1 (+libidn2/2.3.0) libssh2/1.9.0 nghttp2/1.41.0
Release-Date: 2020-10-14
Protocols: dict file ftp ftps gopher http https imap imaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets zstd
operating system
Archlinux
uname -a
Linux myzion 5.9.10-arch1-1 #1 SMP PREEMPT Sun, 22 Nov 2020 14:16:59 +0000 x86_64 GNU/Linux
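The "Write minimal config" step above, as an added shell example that is not part of the issue or of curl or the gost-engine project: it performs the same sed rewrite of example.conf and then validates the result (exactly one dynamic_path line, an absolute path, and a shared object that actually exists) before OPENSSL_CONF is pointed at it. The checkout layout (example.conf and bin/gost.so under the root) follows the report's steps; the paths and the sample example.conf inside the self-test are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the issue: generate the GOST engine config the way the
# report's sed step does, then validate it before pointing OPENSSL_CONF at it.
# Usage: . ./gost_conf.sh; make_gost_conf /tmp/testgostengine /tmp/testgostengine/openssl.conf
#        check_gost_conf /tmp/testgostengine/openssl.conf
# Paths are assumptions; the checkout layout (example.conf, bin/gost.so) follows the report.

make_gost_conf() {
    # $1 = engine checkout root, $2 = config file to write
    root=$1
    out=$2
    # Same rewrite as the report: relative ./bin/gost.so -> absolute path inside the checkout
    sed "s|dynamic_path = ./bin/gost.so|dynamic_path = $root/bin/gost.so|g" \
        "$root/example.conf" > "$out"
}

check_gost_conf() {
    # Return 0 (and print the path) only if the config has exactly one dynamic_path,
    # it is absolute, and the shared object it names exists. A relative dynamic_path
    # is resolved against the calling process's working directory, so it only works
    # when the program happens to run from the checkout.
    conf=$1
    n=$(grep -c '^dynamic_path' "$conf" || true)
    [ "$n" -eq 1 ] || { echo "expected one dynamic_path line, found $n" >&2; return 1; }
    path=$(sed -n 's/^dynamic_path *= *//p' "$conf")
    case $path in
        /*) ;;
        *) echo "dynamic_path is not absolute: $path" >&2; return 1 ;;
    esac
    [ -f "$path" ] || { echo "engine library not found: $path" >&2; return 1; }
    echo "$path"
}

gost_selftest() {
    # Builds a fake checkout (constructed example.conf and an empty gost.so) in a
    # temporary directory and exercises both functions; returns 0 when all checks pass.
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/bin" && : > "$tmp/bin/gost.so"
    # Constructed approximation of the engine's example.conf: only the lines that matter here
    cat > "$tmp/example.conf" <<'EOF'
openssl_conf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
gost = gost_section
[gost_section]
engine_id = gost
dynamic_path = ./bin/gost.so
default_algorithms = ALL
EOF
    make_gost_conf "$tmp" "$tmp/openssl.conf" || return 1
    got=$(check_gost_conf "$tmp/openssl.conf") || return 1
    [ "$got" = "$tmp/bin/gost.so" ] || return 1
    # The untouched example.conf must fail the check: its dynamic_path is relative
    if check_gost_conf "$tmp/example.conf" 2>/dev/null; then return 1; fi
    rm -rf "$tmp"
    return 0
}

if [ "${1:-}" = selftest ]; then
    gost_selftest
fi
```

Run make_gost_conf and then check_gost_conf before the curl step; once the check passes, `OPENSSL_CONF=/tmp/testgostengine/openssl.conf openssl engine -c gost` lists the engine and its algorithms from the same config file curl will read. The check covers the file only: how many times a given program initializes OpenSSL's configuration is a property of that program, not of the config.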