[openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others
mclellan, dave
dave.mclellan at emc.com
Thu Jan 22 17:35:55 UTC 2015
Hi. I'm running openssl CLI 1.0.1j (for example) on a bunch of different unix platforms. On all of them, the default missing /usr/local/ssl/openssl.cnf causes a warning, but the CLI continues to initialize and opens the command line. We've known about this behavior since first incorporating 1.0.1c years ago); this is no big deal.
Except for AIX: on all our AIX machines of varying versions, the missing /usr/local/ssl/openssl.cnf raises a permission error, and openssl CLI refuses to run.
openssl version
1152921504606846944:error:0200100D:system library:fopen:Permission denied:bss_file.c:169:fopen('/usr/local/ssl/openssl.cnf','rb')
1152921504606846944:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:174:
1152921504606846944:error:0E078002:configuration file routines:DEF_LOAD:system lib:conf_def.c:199:
None of the hosts we've visited have /usr/local/ssl, not to mention the actual default file. In fact, on some, even non-AIX hosts, permissions would suggest that the permission should be returned.
Should this be happening? Is AIX simply less forgiving, and returns a more serious error. Or is the openssl CLI handling the missing file differently on AIX?
Thanks for any enlightenment shareable.
Dave
+-+-+-+-+-+-+-+-+-
Dave McLellan, Enterprise Storage Software Engineering, EMC Corporation, 176 South St.
Mail Stop 176-V1 1/P-36, Hopkinton, MA 01749
Office: 508-249-1257, FAX: 508-497-8027, Mobile: 978-500-2546, dave.mclellan at emc.com
+-+-+-+-+-+-+-+-+-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150122/05f8803e/attachment.html>
More information about the openssl-users
mailing list