issues with sample configuration #16
Description
Related to issue #15 and the following OpenSSL issue.
So OpenSSL requires the engine identifier to be set only once. In the sample configuration we can see that the engine id is set three times.
This part has to be rewritten:
...
[engine_section]
ibmpkcs11 = ibmpkcs11_section
[ibmpkcs11_section]
SLOT_ID=0
dynamic_path = @LIBDIR@/ibmpkcs11.so
engine_id = ibmpkcs11
...
I would like to propose the following:
...
[engine_section]
engine1 = ibmpkcs11_section
[ibmpkcs11_section]
# use the next line if the engine uses a non-OpenSSL-compatible module name or location
dynamic_path = @LIBDIR@/ibmpkcs11.so
# use the next line if the engine has an OpenSSL-compatible module name and location
#engine_id = ibmpkcs11
# engine-specific directives
SLOT_ID=0
...
Another part is:
default_algorithms = ALL
#default_algorithms = RAND,RSA,CIPHERS,DIGESTS
The question here is: does the engine support non-engine keys or keys provided by other engines? I don't know the code, but I'm not convinced that the PKCS#11-related RSA method can be set as the default.
So the proposed correction is:
#default_algorithms = RAND,CIPHERS,DIGESTS
Please check.
Notes:
- Some OpenSSL versions (1.0.1*) implement RSA as an engine. It is not recommended to replace an engine designed to work with private key material.
- capi (OpenSSL) and e_nss (mine) use the flag ENGINE_FLAGS_NO_REGISTER_ALL to avoid overriding the key methods. The reason is simple: those engines work with "external" keys, and the default RSA method cannot be used, as it requires access to the private key.
And finally the section finishes with:
init = 1
It is harmless and could be skipped. More or less, when an engine is used it is initialized.
P.S. My comments are based on experience with keys provided by an engine and used in SSH. PKIX-SSH (https://roumenpetrov.info/secsh/ ), unlike the OpenBSD version, works fine with engines and supports keys provided by an engine (either plain or with an X.509 certificate).
Use of X.509 certificates is out of scope for this issue.
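The two configuration problems raised above (the engine identifier stated more than once, and `default_algorithms = ALL` pulling a PKCS#11 engine's RSA method in as the process-wide default) can be checked mechanically. The following linter is an added example, not code from the openssl-ibmpkcs11 project or from the issue author. It parses the subset of OpenSSL `.cnf` syntax used by engine sections and reports both findings on constructed copies of the original and proposed fragments. Assumptions: the `engine_section` name, the `default_algorithms` tokens `ALL` and `RSA` as the ones that matter, the `foo.so`/`libfoo.so` module-name convention, and that `#` never appears inside a value.

```python
"""Lint the engine sections of an OpenSSL .cnf file.

Added example (not code from the openssl-ibmpkcs11 project or the issue
author). It applies the two checks the issue asks for:
  1. the engine identifier given more than once (engine_section key,
     engine_id directive, dynamic_path module name);
  2. default_algorithms = ALL or containing RSA for a PKCS#11 engine,
     which would register a private-key-backed RSA method as the default.
Assumed conventions: OpenSSL 1.x engine sections; 'foo.so' and 'libfoo.so'
both name the engine 'foo'; '#' does not occur inside values.
"""
import os
import re

SECTION_RE = re.compile(r"^\s*\[\s*([^\]]+?)\s*\]\s*$")
KEY_RE = re.compile(r"^\s*([^=\s]+)\s*=\s*(.*?)\s*$")


def parse_cnf(text):
    """Parse [section] headers, key = value lines and '#' comments.

    Returns {section_name: [(key, value), ...]} preserving order; keys
    before the first header land in the 'default' section.
    """
    sections = {"default": []}
    current = "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments (assumes no '#' in values)
        if not line.strip():
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        m = KEY_RE.match(line)
        if m:
            sections[current].append((m.group(1), m.group(2)))
    return sections


def module_engine_id(path):
    """'@LIBDIR@/ibmpkcs11.so' -> 'ibmpkcs11'; 'libfoo.so' -> 'foo' (assumed convention)."""
    name = os.path.basename(path).split(".", 1)[0]
    return name[3:] if name.startswith("lib") else name


def lint_engines(text, engine_section="engine_section", pkcs11_engines=("ibmpkcs11",)):
    """Return a list of human-readable findings; empty when the config is clean."""
    cfg = parse_cnf(text)
    findings = []
    for engine_key, section_name in cfg.get(engine_section, []):
        directives = dict(cfg.get(section_name, []))

        # 1. Collect every place the engine identifier is stated.
        sources = {"engine_section key": engine_key}
        if "engine_id" in directives:
            sources["engine_id"] = directives["engine_id"]
        if "dynamic_path" in directives:
            sources["dynamic_path"] = module_engine_id(directives["dynamic_path"])
        by_id = {}
        for where, eid in sources.items():
            by_id.setdefault(eid, []).append(where)
        for eid, places in by_id.items():
            if len(places) > 1:
                findings.append("[%s] engine id '%s' set %d times: %s"
                                % (section_name, eid, len(places), ", ".join(places)))

        # 2. default_algorithms that would make the PKCS#11 RSA method the default.
        if any(eid in pkcs11_engines for eid in sources.values()):
            raw_algs = directives.get("default_algorithms", "")
            algs = {a.strip().upper() for a in raw_algs.split(",") if a.strip()}
            bad = sorted(algs & {"ALL", "RSA"})
            if bad:
                findings.append("[%s] default_algorithms includes %s; a PKCS#11 engine's "
                                "RSA method needs the private key and should not be the default"
                                % (section_name, "/".join(bad)))
    return findings


# Constructed from the fragments in the issue; @LIBDIR@ is kept as the literal placeholder.
ORIGINAL_CNF = """
[engine_section]
ibmpkcs11 = ibmpkcs11_section
[ibmpkcs11_section]
SLOT_ID=0
dynamic_path = @LIBDIR@/ibmpkcs11.so
engine_id = ibmpkcs11
default_algorithms = ALL
init = 1
"""

PROPOSED_CNF = """
[engine_section]
engine1 = ibmpkcs11_section
[ibmpkcs11_section]
dynamic_path = @LIBDIR@/ibmpkcs11.so
#engine_id = ibmpkcs11
SLOT_ID=0
default_algorithms = RAND,CIPHERS,DIGESTS
"""

if __name__ == "__main__":
    for label, cnf in (("original", ORIGINAL_CNF), ("proposed", PROPOSED_CNF)):
        print(label + ":", lint_engines(cnf) or ["no findings"])
```

Run it as a script: the original fragment yields two findings (the identifier stated three times, and `ALL`), the proposed fragment yields none. To lint a real file, pass `open(path).read()` to `lint_engines`; if the config reaches the engine list through `openssl_conf`/`engines = ...`, set `engine_section` to the section name actually used.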