Re: OpenSSL, relative paths of configuration file

Wed, 07 Apr 2010 11:48:28 -0700 

Hello Michael,


[...]
$HOME = . # [active directorey, from which I call openssl]



You better check that one - it may have been a typo here, but *nix systems
__never__ specify the "current working directory" as the $HOME directory.

*nix and nearly all other "single tree" file system OS have an entire
sub-tree for the users home directories.


I know that, but if you read the comments in the openssl.cnf file,
then you will understand.

---snip---
# This definition stops the following lines choking if HOME isn't
# defined.
HOME   = .
RANDFILE  = $ENV::HOME/.rnd
---snap---

But the question is still the same. Leads this point/path to the
current working/active directory while openssl.cnf is loading
and where the .rnd will be created or leads this point/path
relative to the openssl executable (in both cases elf or mz
executable) which would mean the .rnd file will be created in
the bin directory (think now this can't be the idea) or leads that
point/path relative to the openssl.cnf file, which would create
the .rnd file in the directory where openssl.cnf/cfg resides.

Then what's about the two poins/paths which leads to
the toplevel directory "where everything is kept"

dir  = ./demoCA  # Where everything is kept
certs  = $dir/certs  # Where the issued certs are kept


Something like: $HOME=/home/steinbach would be more likely.

I acknowledge that for the case of creating the .rnd file, but the
"dir" var in openssl.cnf file would lead to which directory?

I would like to know that in advance, because in one case I
get an error, which says that my privatekey.pem (which is
configured in the oopennssl.cnf file relative to that point/path)
can't be found. And then additional I get the error

REM Loading 'screen' into random state - done
REM Generating RSA private key, 2048 bit long modulus
REM ....+++
REM ...+++
REM unable to write 'random state'
REM e is 65537 (0x10001)

if I do the following command:

"openssl genrsa -out mytest.key -aes128 2048 -days 365"


Thomas

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to