OSSL_STORE_open() returns error:16000069:STORE routines::unregistered scheme

Wed Dec 27 22:38:58 UTC 2023

On 27 Dec 2023, at 15:48, Tomas Mraz <tm at t8m.info> wrote:

> Do you have the default or base provider loaded?

I understand from https://www.openssl.org/docs/man3.0/man7/ossl_store-file.html that "Support for the ‘file’ scheme is built into libcrypto.”, so in theory yes the default or base provider should be loaded, put in practise from this debug trace below no.

I am using openssl-3.0.7-24.el9.x86_64 as packaged in RHEL9.

Stepping through the openssl code, it seems the default “file” is not present, is this expected?

I’ve tried both “/tmp/seawitch.pem” and “file:///tmp/seawitch.pem”, both show the same problem.

Thread 9 "ns-slapd" hit Breakpoint 1, OSSL_STORE_open (uri=0x7faef3c02fc0 "/tmp/seawitch.pem", ui_method=0x0, ui_data=0x0, post_process=0x0, post_process_data=0x0)
    at crypto/store/store_lib.c:224
224	{
(gdb) next
225	    return OSSL_STORE_open_ex(uri, NULL, NULL, ui_method, ui_data, NULL,
(gdb) step
OSSL_STORE_open_ex (uri=0x7faef3c02fc0 "/tmp/seawitch.pem", libctx=libctx at entry=0x0, propq=propq at entry=0x0, ui_method=0x0, ui_data=0x0, params=params at entry=0x0, post_process=0x0, 
    post_process_data=0x0) at crypto/store/store_lib.c:68
68	{
(gdb) next
84	    schemes[schemes_n++] = "file";
(gdb) 
93	    OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
(gdb) 
94	    if ((p = strchr(scheme_copy, ':')) != NULL) {
(gdb) print scheme_copy
$1 = "/tmp/seawitch.pem\000\037\365\256\177\000\000\370\353\037\365\256\177\000\000\250\355\037\365\256\177\000\000\370\353\037\365\256\177\000\000`\322\037\365\256\177\000\000\000\274\315\363\256\177\000\000\300\350\aI\257\177\000\000\370\353\037\365\256\177\000\000K\276\024H\257\177\000\000\313\064\000H\257\177\000\000 at b\301\363\256\177\000\000 )\300\363\256\177\000\000\000\000\000\000\000\000\000\000x7\000H\257\177\000\000\203\264\023H\257\177\000\000\000\000\000\000\000\000\000\000\023\000\000\000\000\000\000\000 )\300\363\256\177\000\000\000\000\000\000\000\000\000\000\255\r\001H\257\177\000\000 *\300\363\256\177\000\000t'\300\363\256\177\000\000\340\016\317\363\256\177\000\000"...
(gdb) next
103	    ERR_set_mark();
(gdb) 
113	    for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
(gdb) 
117	        if ((loader = ossl_store_get0_loader_int(scheme)) != NULL) {
(gdb) print scheme
$2 = 0x7faf48132c30 "file"
(gdb) next
126	        if (loader == NULL
(gdb) 
129	            const OSSL_PROVIDER *provider =
(gdb) 
131	            void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider);
(gdb) 
134	            loader_ctx = fetched_loader->p_open(provctx, uri);
(gdb) 
135	            if (loader_ctx == NULL) {
(gdb) 
136	                OSSL_STORE_LOADER_free(fetched_loader);
(gdb) 
148	    if (no_loader_found)
(gdb) 
157	    if (loader_ctx == NULL)
(gdb) 
195	    ERR_clear_last_mark();
(gdb) 
196	    if (loader_ctx != NULL) {
(gdb) 
214	    OSSL_STORE_LOADER_free(fetched_loader);
(gdb) 
215	    OPENSSL_free(propq_copy);
(gdb) 
216	    OPENSSL_free(ctx);
(gdb) 
tlso_ctx_init (lo=0x7faef3c00460, lt=0x7faef51fd910, is_server=0, errmsg=0x7faef51fd9f0 "") at tls_o.c:627
627				if (!sctx) {

Regards,
Graham
—

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20231227/062d7fd9/attachment-0001.htm>