[openssl-dev] [openssl.org #4562] Possible bug in OPENSSL_config - ignore input parameter

Matt Caswell via RT rt at openssl.org
Fri Jun 10 16:37:44 UTC 2016


On Fri Jun 10 13:02:57 2016, zaz at ua7.net wrote:
> Hello
>
> Looks like OPENSSL_config has a bug; as a result users can't set an
> alternative path to the openssl.cnf file.
> If you take a look at the implementation of void OPENSSL_config(const char
> *config_name), it calls
> CONF_modules_load_file(NULL, config_name, CONF_MFLAGS_DEFAULT_SECTION |
> CONF_MFLAGS_IGNORE_MISSING_FILE);
> As you can see, "config_name" is passed to "CONF_modules_load_file" as the
> second argument, but if you take a look at:
> int CONF_modules_load_file(const char *filename, const char *appname,
> unsigned long flags)
>
> Looks like CONF_modules_load_file expects the config file name as the FIRST
> argument (instead of the second).

This actually looks to me like a documentation error. The parameter to
OPENSSL_config() is not *intended* to be a filename at all - it has never
worked that way, and if you read the original commit messages you can see that
was never the intention (it is the application name within the config file).
The original documentation was a little unclear, but never actually said that
it was a filename. It then got "cleaned up" in commit 14d3b76be to what it is
now (which is wrong).

So, I think the actual fix is to correct the documentation. We should also
probably make it more obvious that it is deprecated in 1.1.0 (it does say it on
the page but you have to read half of it before you realise).

Matt

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4562
Please log in as guest with password guest if prompted
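
To illustrate the reply above (an added example, not part of the original message or of OpenSSL's documentation): a constructed configuration file showing how the argument to OPENSSL_config() is used as an application name rather than a file name. Only `openssl_conf` and `oid_section` are OpenSSL names; `myapp`, the section names and the OID values are assumptions made up for the example.

```ini
# Constructed sample openssl.cnf. Only "openssl_conf" and "oid_section" are
# OpenSSL names; "myapp", the section names and the OIDs are made up.

# Default (unnamed) section: each key is an application name, and its value
# names the section that lists the modules to configure for that application.
openssl_conf = openssl_init
myapp        = myapp_init

# Selected by OPENSSL_config(NULL), and also by OPENSSL_config("other") when
# the file has no "other" key, because OPENSSL_config passes
# CONF_MFLAGS_DEFAULT_SECTION.
[openssl_init]
oid_section = shared_oids

# Selected by OPENSSL_config("myapp"), i.e.
# CONF_modules_load_file(NULL, "myapp", ...): a NULL first argument means the
# default file, and the second argument is the key looked up above.
[myapp_init]
oid_section = myapp_oids

[shared_oids]
sharedExampleOid = 1.2.3.4

[myapp_oids]
myappExampleOid = 1.2.3.5
```

To read a different file, pass its path as the first argument of CONF_modules_load_file(), or set the OPENSSL_CONF environment variable, which the default-file lookup honours.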


