Greetings, I have identified several problems in the way OpenSSL 1.0.0's c_rehash works. This breaks on any nonstandard configuration, in that:

- c_rehash POSTFIXES $dir/bin to the PATH, when it should prefix it. ($dir inherits $openssldir from Configure)
- c_rehash should use $prefix/bin, not $openssldir/bin (comment ditto)

This causes several issues:

- If THE RIGHT VERSION OF openssl isn't already in PATH or unless openssl is (uncommon!) overridden to $prefix/bin, c_rehash will be unable to identify the proper openssl executable and abort.
- If multiple versions of OpenSSL are installed in parallel, for instance, 0.9.8X under /usr and OpenSSL 1.0.0 under /opt/openssl-1.0.0, c_rehash will grab the wrong version of openssl and thus the wrong hash algorithm, making OpenSSL unable to find its certificates.

This has already caused bogus bug reports: <https://developer.berlios.de/bugs/?func=detailbug&bug_id=17073&group_id=1824>

The attached patch fixes these OpenSSL issues:

- It adds a line "my $prefix;" to tools/c_rehash.in
- It uses the line to derive the path component
- It PREPENDS this to the existing path
- It AVOIDS adding a path separator if $ENV{PATH} happens to be empty
- It teaches Configure to replace my $prefix as it regenerates c_rehash from the .in file.

The patch applies to OpenSSL 1.0.0 on - I guess - all platforms, and possibly earlier versions too. Please check earlier versions and adopt where needed.

Thank you.

--
Matthias Andree

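
Added example, not part of the original message or of OpenSSL: a shell sketch of the search-order problem described above, using constructed stub `openssl` scripts in a temporary directory. The function names and sandbox paths are assumptions, and one install directory stands in for both `$openssldir` and `$prefix` to isolate the append-versus-prepend effect.

```shell
#!/bin/sh
# Constructed sandbox: stub "openssl" scripts standing in for a system 0.9.8
# install and a parallel 1.0.0 install. Paths are temporary, not real installs.
SANDBOX=$(mktemp -d)
trap 'rm -rf "$SANDBOX"' EXIT
mkdir -p "$SANDBOX/usr/bin" "$SANDBOX/opt/openssl-1.0.0/bin"

make_stub() {  # $1 = file to create, $2 = version string the stub reports
    printf '#!/bin/sh\necho "%s"\n' "$2" > "$1"
    chmod +x "$1"
}
make_stub "$SANDBOX/usr/bin/openssl" "OpenSSL 0.9.8 (stub)"
make_stub "$SANDBOX/opt/openssl-1.0.0/bin/openssl" "OpenSSL 1.0.0 (stub)"

# Behaviour before the patch: the install's bin directory goes AFTER the
# existing search path, with a separator added unconditionally.
path_appended() {  # $1 = existing PATH, $2 = install directory
    printf '%s:%s/bin' "$1" "$2"
}

# Behaviour after the patch: bin directory goes FIRST, and no separator is
# added when the existing PATH is empty.
path_prepended() {  # $1 = existing PATH, $2 = install directory
    if [ -n "$1" ]; then printf '%s/bin:%s' "$2" "$1"
    else printf '%s/bin' "$2"; fi
}

# Full path of the "openssl" that a given search path resolves to.
resolved_openssl() {  # $1 = search path
    ( PATH="$1"; command -v openssl 2>/dev/null )
}

# An empty element (leading, trailing or doubled colon) makes the shell
# search the current working directory, which is why the separator matters.
has_empty_element() {  # $1 = search path
    case "$1" in :*|*:|*::*) return 0 ;; *) return 1 ;; esac
}

SYS_PATH="$SANDBOX/usr/bin"
NEW_DIR="$SANDBOX/opt/openssl-1.0.0"
echo "appended : $(resolved_openssl "$(path_appended "$SYS_PATH" "$NEW_DIR")")"
echo "prepended: $(resolved_openssl "$(path_prepended "$SYS_PATH" "$NEW_DIR")")"
```

With the directory appended, the 0.9.8 stub under `usr/bin` is found first; with it prepended, the 1.0.0 stub wins.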
diff -up ./Configure.orig ./Configure --- ./Configure.orig 2010-01-19 22:40:54.000000000 +0100 +++ ./Configure 2010-04-12 18:24:47.000000000 +0200 @@ -1789,11 +1789,11 @@ EOF (system $make_command.$make_targets) == 0 or exit $? if $make_targets ne ""; if ( $perl =~ m...@^/@) { - &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";'); + &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";'); &dofile("apps/CA.pl",$perl,'^#!/', '#!%s'); } else { # No path for Perl known ... - &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";'); + &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";'); &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s'); } if ($depflags ne $default_depflags && !$make_depend) { diff -up ./tools/c_rehash.in.orig ./tools/c_rehash.in --- ./tools/c_rehash.in.orig 2009-04-22 18:50:42.000000000 +0200 +++ ./tools/c_rehash.in 2010-04-12 18:23:39.000000000 +0200 @@ -7,6 +7,7 @@ my $openssl; my $dir; +my $prefix; if(defined $ENV{OPENSSL}) { $openssl = $ENV{OPENSSL}; @@ -24,7 +25,7 @@ if (defined(&Cwd::getcwd)) { } my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; # DOS/Win32 or Unix delimiter? -$ENV{PATH} .= "$path_delim$dir/bin"; +$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : ""); # prefix our path if(! -x $openssl) { my $found = 0;
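
Review bot: In the Configure hunk, both new dofile() arguments build the replacement as 'my $prefix = "' . $prefix . '";', so the configured prefix is written unescaped into a double-quoted Perl string in the generated c_rehash. A prefix containing a double quote, $, @ or a backslash would yield a broken or interpolating assignment; emitting a single-quoted literal with ' and \ escaped would avoid that, and the adjacent $openssldir substitution has the same shape and could be fixed at the same time. The two branches now repeat the same long argument list and differ only in the Perl path, so building the list once would keep them from drifting apart.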
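
Review bot: In the second tools/c_rehash.in hunk, the new $ENV{PATH} assignment uses $prefix without checking that it is set: if the "my $prefix;" placeholder is left unsubstituted or the value is empty, "$prefix/bin" becomes "/bin" and is placed at the front of the search path. Guard the prepend with a defined and non-empty check on $prefix. The condition ($ENV{PATH} ? ... : "") is a truthiness test, so a PATH of "0" is treated as empty; defined($ENV{PATH}) && length($ENV{PATH}) states the intent exactly. The hunk also drops $dir/bin from the search path altogether, which changes behaviour for installs that relied on it, so either note that in the change description or keep it appended as a fallback.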