Hi
I am having an issue when I try OpenSSL initialization with corrupt
configuration file. It basically kills my application, which should not be the
case. Is there any way I can avoid this?
Here is how I can repro this issue
1- Create a new file openssl.cf file with simply entry "aaa". This is
corrupt conf file.
2- Set OPENSSL_CONF env for above file
3- Run the code.
Result
The application terminate because there is exit(1) code in "OPENSSL_config()"
function.
Is there any way I can avoid termination of my application and get an error?
I think It should return an error saying "Initialization failed".
Code
void OPENSSL_config(const char *config_name)
{
if (openssl_configured)
return;
OPENSSL_load_builtin_modules();
#ifndef OPENSSL_NO_ENGINE
/* Need to load ENGINEs */
ENGINE_load_builtin_engines();
#endif
/* Add others here? */
ERR_clear_error();
if (CONF_modules_load_file(NULL, config_name,
CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0)
{
BIO *bio_err;
ERR_load_crypto_strings();
if ((bio_err=BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL)
{
BIO_printf(bio_err,"Auto configuration failed\n");
ERR_print_errors(bio_err);
BIO_free(bio_err);
}
exit(1);
}
return;
}
Thanks
Sanjay Rai
