reassign 584911 openssl 0.9.8g-15+lenny6
retitle 584911 unreadable /usr/lib/ssl/openssl.cnf file breaks OPENSSL_config
thanks
* Mirko Gebauer:
>> BIND uses the NULL argument, as far as I can tell. So this might be
>> an OpenSSL bug.
>
> Well, all I can say is that bind9 as provided by the package version
> "1:9.5.1.dfsg.P3-1+lenny1" doesn't show the reported behavior, and
> that both "1:9.5.1.dfsg.P3-1+lenny1" and the current
> "1:9.6.ESV.R1+dfsg-0+lenny1" depend on the same version of
> "libssl0.9.8".
This is a bug in OpenSSL, and it is impossible to work around in
bind9, unfortunately. Here's the relevant exceprt from
ERR_clear_error();
if (CONF_modules_load_file(NULL, config_name,
CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0)
{
BIO *bio_err;
ERR_load_crypto_strings();
if ((bio_err=BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL)
{
BIO_printf(bio_err,"Auto configuration failed\n");
ERR_print_errors(bio_err);
BIO_free(bio_err);
}
exit(1);
}
return;
}
The propblem is that it's not ignoring permission errors, in contrast
to what's promised in the manual page. And there doesn't appear to be
a way to bypass that exit(1) call.
I guess the only viable fix is to keep /etc/ss/openssl.cnf
world-readable.
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]