[openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

mclellan, dave dave.mclellan at emc.com
Thu Jan 22 17:35:55 UTC 2015

Hi.   I'm running openssl CLI 1.0.1j (for example) on a bunch of different unix platforms.   On all of them, the default missing /usr/local/ssl/openssl.cnf causes a warning, but the CLI continues to initialize and opens the command line.  We've known about this behavior since first incorporating 1.0.1c years ago); this is no big deal.

Except for AIX: on all our AIX machines of varying versions, the missing /usr/local/ssl/openssl.cnf raises a permission error, and openssl CLI refuses to run.

openssl version
1152921504606846944:error:0200100D:system library:fopen:Permission denied:bss_file.c:169:fopen('/usr/local/ssl/openssl.cnf','rb')
1152921504606846944:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:174:
1152921504606846944:error:0E078002:configuration file routines:DEF_LOAD:system lib:conf_def.c:199:

None of the hosts we've visited have /usr/local/ssl, not to mention the actual default file.  In fact, on some, even non-AIX hosts, permissions would suggest that the permission should be returned.

Should this be happening? Is AIX simply less forgiving, and returns  a more serious error.   Or is the openssl CLI handling the missing file differently on AIX?

Thanks for any enlightenment shareable.

Dave McLellan, Enterprise Storage Software Engineering, EMC Corporation, 176 South St.
Mail Stop 176-V1 1/P-36, Hopkinton, MA 01749
Office:    508-249-1257, FAX: 508-497-8027, Mobile:   978-500-2546, dave.mclellan at emc.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150122/05f8803e/attachment.html>

More information about the openssl-users mailing list