Ciphers provided by engine not accessible...?

Richard Levitte levitte at openssl.org
Mon Jul 22 19:38:11 UTC 2019


On Mon, 22 Jul 2019 21:17:01 +0200,
Blumenthal, Uri - 0553 - MITLL wrote:
> 
> Turned out the failure was my misconfiguration - but the "config"
> man page doesn't seem to describe the *exact* order of the
> statements/sections.

It does, but perhaps not in a way you expected.  Here's a paragraph
from config(5), about the so-called default section:

       The first section of a configuration file is special and is referred to
       as the default section. This section is usually unnamed and spans from
       the start of file until the first named section. When a name is being
       looked up it is first looked up in a named section (if any) and then
       the default section.

"start of the file until the first section" is key.  This is found
fairly early in the description.

And then, early in "OPENSSL_LIBRARY CONFIGURATION":

       To enable library configuration the default section needs to contain an
       appropriate line which points to the main configuration section. The
       default name is openssl_conf which is used by the openssl utility.
       Other applications may use an alternative name such as
       myapplication_conf.  All library configuration lines appear in the
       default section at the start of the configuration file.

"the default section" is key.

So the "openssl_conf = openssl_init" line must be early in the config
file.  The order of the different named sections doesn't (or
shouldn't) really matter.

Cheers,
Richard

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/
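
Added example (not part of the message above and not OpenSSL code): a small Python check for the placement rule quoted from config(5), reporting whether openssl_conf sits in the default section or has fallen into a named one. The parser is a simplification of the real config syntax, and the sample file contents (the [ req ] section, engine_section) are constructed for illustration.

```python
import re

SECTION_RE = re.compile(r"^\[\s*([^\]\s]+)\s*\]$")
ASSIGN_RE = re.compile(r"^([^=\s]+)\s*=\s*(.*)$")

def parse(text):
    """Return (assignments, sections); section is None for the default section.
    Simplified: no quoting, escapes, line continuations or .include handling."""
    section, assignments, sections = None, [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if m := SECTION_RE.match(line):
            section = m.group(1)             # every later line belongs here
            sections.add(section)
        elif m := ASSIGN_RE.match(line):
            assignments.append((section, m.group(1), m.group(2).strip(), lineno))
    return assignments, sections

def check_library_config(text, pointer="openssl_conf"):
    """Return (ok, message): is `pointer` set in the default section?"""
    assignments, sections = parse(text)
    hits = [(s, v, n) for s, k, v, n in assignments if k == pointer]
    default = [(v, n) for s, v, n in hits if s is None]
    if default:
        target, lineno = default[-1]
        if target not in sections:
            return False, f"line {lineno}: {pointer} points to missing section [{target}]"
        return True, f"line {lineno}: {pointer} -> [{target}] in the default section"
    if hits:
        s, _, n = hits[0]
        return False, f"line {n}: {pointer} is inside [{s}], not the default section"
    return False, f"{pointer} is not set anywhere"

# Constructed sample: the pointer comes after a named section, so it belongs to [ req ].
BROKEN = """\
[ req ]
distinguished_name = req_dn

openssl_conf = openssl_init

[ openssl_init ]
engines = engine_section
"""

# Same content with the pointer moved above the first named section.
FIXED = "openssl_conf = openssl_init\n\n" + BROKEN.replace("openssl_conf = openssl_init\n", "")

if __name__ == "__main__":
    for name, cfg in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, check_library_config(cfg))
```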

