[openssl-dev] [openssl.org #3936] Bug (maybe) report

William Freeman via RT rt at openssl.org
Fri Jul 10 21:02:24 UTC 2015


This could be a real bug, a doc bug, or I'm just not getting it.

I'm using "-config" with "openssl req" and "openssl ca" to use an alternate openssl.cnf file.  The command bombs because (being run as non-root) it can't read the default /etc/pki/tls/openssl.cnf file, since it is owned by root and mode 600 (CentOS 6.2, openssl 1.0.1e from RPM), and the command is not being run as root.

My alternate openssl.cnf file is in the current working directory, and I have tried making the -config argument each of "openssl.cnf", "./openssl.cnf", and the full absolute path to the file.  My file is mode 600 and owned by the user running the command and has mode 600.

In no case does it complain of not being able to read my file (but maybe it never gets that far).  It complains of not being able to read the default file.

So, does -config *NOT* suppress reading of the default file (the man page implies that it does)?  Have I missed an option for suppressing it?

Is this a bug, a local installation problem, or could the documentation use improvement?

Here's an example of a failing command:

(imposter)[ imposter at imposter_bill ~/imposter/non-git/CA ]
$ openssl req -config /home/imposter/imposter/non-git/CA/openssl.cnf  -newkey rsa -nodes -keyout localhost.key -out localhost.csr
140615126005576:error:0200100D:system library:fopen:Permission denied:bss_file.c:169:fopen('/etc/pki/tls/openssl.cnf','rb')
140615126005576:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:174:
140615126005576:error:0E078002:configuration file routines:DEF_LOAD:system lib:conf_def.c:199:
(imposter)[ imposter at imposter_bill ~/imposter/non-git/CA ]
$
