[openssl-dev] [openssl.org #4675] Bug: Parsing Configuration that contains System Variables
Georg Höllrigl via RT
rt at openssl.org
Fri Sep 16 13:54:00 UTC 2016
Hello,
I think there is a bug in the config file parsing code.
Configuration:
-------------------------------
openssl version -a
OpenSSL 1.0.1k 8 Jan 2015 (Library: OpenSSL 1.0.1g 7 Apr 2014)
built on: Tue Apr 8 11:04:36 CEST 2014
platform: Cygwin
options: bn(64,32) md2(int) rc4(8x,mmx) des(ptr,risc1,16,long)
blowfish(idx)
compiler: gcc -D_WINDLL -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -DDSO_DLFCN
-DHAVE_DLFCN_H -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486
-Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM
-DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/ssl"
-------------------------------
Changed Config File to
-------------------------------
cat /usr/ssl/openssl.cnf
[req]
promt=no
distinguished_name=dn
default_md=sha256
default_bits=2048
req_extensions=alt_names
[dn]
C=AT
ST=SomeState
L=MyLocation
O="Test"
OU="Test"
E="test at example.com"
[alt_names]
subjectAltName=${ENV::SAN}
-------------------------------
As long as $SAN is unset I get
openssl version
6870300:error:0E065068:configuration file routines:STR_COPY:variable has no
value:conf_def.c:618:line 17
Setting an empty variable, fixes the problem:
export SAN="" && openssl version
OpenSSL 1.0.1k 8 Jan 2015 (Library: OpenSSL 1.0.1g 7 Apr 2014)
Expected beahviour: Such a configuration file should also work when it
contains an empty variable.
I've tested this behaivor on different systems and with different verison.
Kind Regards,
Georg
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4675
Please log in as guest with password guest if prompted
More information about the openssl-dev
mailing list