[openssl-users] test make_verify fails on brand new red hat enterprise 7 box
Philippe Anctil
philippe.anctil at gmail.com
Fri May 18 16:51:55 UTC 2018
>
>
> So what does your certs/demo directory look like? Do you have the
> necessary symbolic links (created during "make" somewhere I think).
>
Links are missing.
The problem has something to do with the default path to openssl.conf. In
my case it is based on the build prefix I used.
If the path does not exist, make rehash will create links happily.
If the dir exists but my build account does not have access permissions,
make rehash is unhappy and refuses to create links.
rm rehash.time
make rehash
Doing certs/demo
140097379800768:error:0200100D:system library:fopen:Permission
denied:bss_file.c:175:fopen('/usr/local/.../openssl/ssl/openssl.cnf','rb')
140097379800768:error:2006D002:BIO routines:BIO_new_file:system
lib:bss_file.c:184:
140097379800768:error:0E078002:configuration file routines:DEF_LOAD:system
lib:conf_def.c:203:
140367544841920:error:0200100D:system library:fopen:Permission
denied:bss_file.c:175:fopen('/usr/local/.../openssl/ssl/openssl.cnf','rb')
140367544841920:error:2006D002:BIO routines:BIO_new_file:system
lib:bss_file.c:184:
140367544841920:error:0E078002:configuration file routines:DEF_LOAD:system
lib:conf_def.c:203:
WARNING: Skipping duplicate certificate dsa-ca.pem
140697328998080:error:0200100D:system library:fopen:Permission
denied:bss_file.c:175:fopen('/usr/local/.../openssl/ssl/openssl.cnf','rb')
140697328998080:error:2006D002:BIO routines:BIO_new_file:system
lib:bss_file.c:184:
140697328998080:error:0E078002:configuration file routines:DEF_LOAD:system
lib:conf_def.c:203:
WARNING: Skipping duplicate certificate dsa-pca.pem
139717812614848:error:0200100D:system library:fopen:Permission
denied:bss_file.c:175:fopen('/usr/local/.../openssl/ssl/openssl.cnf','rb')
139717812614848:error:2006D002:BIO routines:BIO_new_file:system
lib:bss_file.c:184:
139717812614848:error:0E078002:configuration file routines:DEF_LOAD:system
lib:conf_def.c:203:
WARNING: Skipping duplicate certificate pca-cert.pem
I don't know why openssl handles both errors in a different way. In general
the build does not care about the inaccessible config. That behavior suits
me.
Maybe the build should detect the problem with make rehash. Or force an
OPENSSL_CONF value that will make it happy. Here's the workaround I applied
to my build script.
...
rm rehash.time
make OPENSSL_CONF= rehash
make test
Problem nailed. Thank you for your help!
--
Philippe Anctil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180518/86f51317/attachment.html>
More information about the openssl-users
mailing list