[openssl-users] WARNING message "can't open config file” when running openssl command

Viktor Dukhovni openssl-users at dukhovni.org
Thu Feb 4 19:16:02 UTC 2016

On Thu, Feb 04, 2016 at 06:57:08PM +0000, Salz, Rich wrote:

> > It works, thank you for your suggestions! I am just wondering is there any
> > other options, for example eliminate the WARNING message while building
> > the openssl libraries and executables?
> You could modify the source (e_os2.h, somewhere in that #ifdef maze sorry) to set the default ot be /dev/null

The OP should try 1.1.0-dev (master built from source) and see
whether it behaves differently.  What I see is that most of the
commands that don't explicitly need configuration data quietly
ignore a missing default configuration file.  

In master (1.1.0-dev), only commands like "openssl req" that want
various subject DN prompts, ...  complain when there's no configuration
file.  And "req" has a "-config" argument that makes that go away.

So in 1.0.2: I get

    $ OpenSSL_1_0_2/bin/openssl version
    WARNING: can't open config file: .../OpenSSL_1_0_2/ssl/openssl.cnf
    OpenSSL 1.0.2g-dev  xx XXX xxxx

But master (1.1.0-dev) is silent:

    $ mv OpenSSL_master/ssl/openssl.cnf{,.hide}
    $ OpenSSL_master/bin/openssl version
    OpenSSL 1.1.0-pre3-dev  xx XXX xxxx
    $ mv OpenSSL_master/ssl/openssl.cnf{.hide,} 

So the issue is addressed in 1.1.0.  Since the warnings have been
with us since at least the initial 1.0.2 release, and are not new
with 1.0.2f, they're likely to stay for now.


More information about the openssl-users mailing list