Issue with v1.1.1 in CentOS 8 regarding OPENSSL_CONF

Viktor Dukhovni openssl-users at
Fri Mar 6 03:40:29 UTC 2020

On Thu, Mar 05, 2020 at 08:08:42PM -0500, Michael Stemle, Jr wrote:

> <BOM-found-here>Hello!

For some reason your email client included a UTF-8 BOM at the start of
the message text.  Best to not do that.

> I’ve been troubleshooting an issue with OpenSSL in a dependency of a
> Perl module I maintain. It looks like the rabbitmq-c library that the
> module uses implemented CONF_modules_load_file(), but it seems to be
> causing problems and I’m not sure how to address it properly. 

What does "implemented" mean?

> Here’s the bug on my module as reported by the CPAN testers:

I added a comment:

> Here’s an issue I raised and have been troubleshooting with the C
> library which implements rabbitmq:
> I’m not quite sure what the right path forward is here, and I would greatly appreciate some advice.

With OpenSSL 1.1.1b and forward the correct way to initialize the SSL
library with a custom application name "appname" (from some code slated
to some day be integrated into Postfix) is:

    OPENSSL_INIT_SETTINGS *init_settings = NULL;
    unsigned long init_opts = 0;
    unsigned long init_flags = CONF_MFLAGS_IGNORE_MISSING_FILE;

    if ((init_settings = OPENSSL_INIT_new()) == 0) {
        /* error */

    OPENSSL_INIT_set_config_appname(init_settings, "appname");
     * By not including CONF_MFLAGS_IGNORE_RETURN_CODES, we get strict error
     * reporting.  We don't insist on a match for the requested application
     * name, allowing fallback to the default application name, even when a
     * non-default application name is specified by always setting the
    OPENSSL_INIT_set_config_file_flags(init_settings, init_flags);

    if (OPENSSL_init_ssl(init_opts, init_settings) <= 0) {
        /* error */

I don't recall whether/when it may be appropriate to call
CONF_module_load_file().  That may have to be done after the library is

I still don't know what all those looping libraries were, none of the
sort are present on my system.


More information about the openssl-users mailing list