[openssl-dev] [openssl.org #4675] Bug: Parsing Configuration that contains System Variables

Georg Höllrigl via RT rt at openssl.org
Fri Sep 16 13:54:00 UTC 2016


Hello,

I think there is a bug in the config file parsing code.

Configuration:
-------------------------------
openssl version -a
OpenSSL 1.0.1k 8 Jan 2015 (Library: OpenSSL 1.0.1g 7 Apr 2014)
built on: Tue Apr  8 11:04:36 CEST 2014
platform: Cygwin
options:  bn(64,32) md2(int) rc4(8x,mmx) des(ptr,risc1,16,long)
blowfish(idx)
compiler: gcc -D_WINDLL -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS  -DDSO_DLFCN
-DHAVE_DLFCN_H -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486
-Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM
-DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/ssl"
-------------------------------

Changed Config File to
-------------------------------
cat /usr/ssl/openssl.cnf
[req]
promt=no
distinguished_name=dn
default_md=sha256
default_bits=2048
req_extensions=alt_names

[dn]
C=AT
ST=SomeState
L=MyLocation
O="Test"
OU="Test"
E="test at example.com"

[alt_names]
subjectAltName=${ENV::SAN}
-------------------------------

As long as $SAN is unset I get
openssl version
6870300:error:0E065068:configuration file routines:STR_COPY:variable has no
value:conf_def.c:618:line 17

Setting an empty variable fixes the problem:

export SAN="" && openssl version
OpenSSL 1.0.1k 8 Jan 2015 (Library: OpenSSL 1.0.1g 7 Apr 2014)

Expected behaviour: Such a configuration file should also work when it
contains an empty variable.

I've tested this behavior on different systems and with different versions.

Kind Regards,
Georg


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4675
Please log in as guest with password guest if prompted
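
A pre-flight check for the failure reported above, as an added example that is not part of the original report or of OpenSSL: it lists the `ENV::` references in a config file whose environment variable is unset, so a script can fail early with a clear message. The function names are hypothetical, comment stripping is naive (every `#` starts a comment), and `printenv` is assumed to be available.

```sh
#!/bin/sh
# Added example (not OpenSSL code): find ENV:: references that would trigger
# "variable has no value" because the environment variable is unset.

# Print each variable name referenced as $ENV::NAME, ${ENV::NAME} or
# $(ENV::NAME) in config file $1, one per line, without duplicates.
conf_env_refs() {
    sed 's/#.*//' "$1" |
        grep -oE '\$[{(]?ENV::[A-Za-z_][A-Za-z0-9_]*' |
        sed -E 's/.*ENV:://' | sort -u
}

# Print the referenced names that are absent from the environment.
# A variable exported with an empty value counts as present, matching the
# `export SAN=""` workaround in the report.
conf_unset_env() {
    conf_env_refs "$1" | while IFS= read -r name; do
        printenv "$name" >/dev/null || printf '%s\n' "$name"
    done
}

# Return 0 if every reference resolves; otherwise report and return 1.
conf_preflight() {
    missing=$(conf_unset_env "$1" | tr '\n' ' ')
    if [ -z "$missing" ]; then
        return 0
    fi
    printf '%s references unset variables: %s\n' "$1" "$missing" >&2
    return 1
}

# Write a cut-down copy of the config from the report to a temp file and
# print its path (constructed sample input for trying the functions).
sample_conf() {
    f=$(mktemp) || return 1
    cat >"$f" <<'EOF'
[req]
distinguished_name=dn
req_extensions=alt_names

[alt_names]
subjectAltName=${ENV::SAN}   # value supplied by the caller
EOF
    printf '%s\n' "$f"
}

# Usage: sh check_conf_env.sh /usr/ssl/openssl.cnf
if [ "$#" -gt 0 ]; then conf_preflight "$1"; fi
```
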