> From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton
> Sent: Monday, December 01, 2014 16:18 (reordered)
> On Mon, Dec 1, 2014 at 3:47 PM, Tanel Lebedev <tanel.lebe...@gmail.com> wrote:
> > I'm building and packaging OpenSSL as a third party library in my app. I
> > also include a certificate bundle with it.
> >
> > Now it seems that the OpenSSL library that is packaged with my app, tries to
> > pick up users local OpenSSL settings (/some/path/openssl.cnf).
> >
> > Is there any way to turn this off, when building OpenSSL? I'd like the
> > OpenSSL library not to poke around on users machine, only use the
> > certificate bundle I've specified etc.
>
> I'm not sure if there is a configuration switch like no-conf.
> `Configure` is not much help here since it silently consumes bad
> options.
>
> If interested, I believe you can change the behavior at runtime with
> `OPENSSL_no_config`. See
> https://www.openssl.org/docs/crypto/OPENSSL_config.html.
>

If your app actually calls OPENSSL_config presumably you want config.
The "hidden" one is that OPENSSL_add_all_algorithms, also known as
SSLeay_add_all_algorithms, which many apps call as part of a "standard"
initialization, can be compiled to a _conf or a _no_conf variant and
_conf calls OPENSSL_config(NULL). But only if you set macro
OPENSSL_LOAD_CONF at *app* compile which shouldn't happen unintentionally.
See evp.h.

But unless your app makes calls to look at specific config items and
sections, the only thing configured "automatically" is modules and engines.
In particular config does not alter app trusted CAs. That is controlled
only and explicitly by whether your app calls _load_verify_locations
or _default_verify_paths.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org