Re: [openssl-users] test make_verify fails on brand new red hat enterprise 7 box

Fri, 18 May 2018 09:52:34 -0700 

>
>
> So what does your certs/demo directory look like? Do you have the
> necessary symbolic links (created during "make" somewhere I think).
>


Links are missing.

The problem has something to do with the default path to openssl.conf. In
my case it is based on the build prefix I used.
If the path does not exist, make rehash will create links happily.
If the dir exists but my build account does not have access permissions,
make rehash is unhappy and refuses to create links.

rm rehash.time
make rehash

Doing certs/demo
140097379800768:error:0200100D:system library:fopen:Permission
denied:bss_file.c:175:fopen('/usr/local/.../openssl/ssl/openssl.cnf','rb')
140097379800768:error:2006D002:BIO routines:BIO_new_file:system
lib:bss_file.c:184:
140097379800768:error:0E078002:configuration file routines:DEF_LOAD:system
lib:conf_def.c:203:
140367544841920:error:0200100D:system library:fopen:Permission
denied:bss_file.c:175:fopen('/usr/local/.../openssl/ssl/openssl.cnf','rb')
140367544841920:error:2006D002:BIO routines:BIO_new_file:system
lib:bss_file.c:184:
140367544841920:error:0E078002:configuration file routines:DEF_LOAD:system
lib:conf_def.c:203:
WARNING: Skipping duplicate certificate dsa-ca.pem
140697328998080:error:0200100D:system library:fopen:Permission
denied:bss_file.c:175:fopen('/usr/local/.../openssl/ssl/openssl.cnf','rb')
140697328998080:error:2006D002:BIO routines:BIO_new_file:system
lib:bss_file.c:184:
140697328998080:error:0E078002:configuration file routines:DEF_LOAD:system
lib:conf_def.c:203:
WARNING: Skipping duplicate certificate dsa-pca.pem
139717812614848:error:0200100D:system library:fopen:Permission
denied:bss_file.c:175:fopen('/usr/local/.../openssl/ssl/openssl.cnf','rb')
139717812614848:error:2006D002:BIO routines:BIO_new_file:system
lib:bss_file.c:184:
139717812614848:error:0E078002:configuration file routines:DEF_LOAD:system
lib:conf_def.c:203:
WARNING: Skipping duplicate certificate pca-cert.pem



I don't know why openssl handles both errors in a different way. In general
the build does not care about the inaccessible config. That behavior suits
me.

Maybe the build should detect the problem with make rehash. Or force an
OPENSSL_CONF value that will make it happy. Here's the workaround I applied
to my build script.

...
rm rehash.time
make OPENSSL_CONF= rehash

make test


Problem nailed. Thank you for your help!


-- 
Philippe Anctil

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to