Re: path to openssl.cnf hardcoded?

Thu, 24 Jan 2013 16:52:25 -0800 



It seems the path to the config file is hardcoded into the openssl
executable at compile time based on the install dir and the only way
to change it is by setting the environment variable OPENSSL_CONF. I
don't have that option.

In my setup, I am installing openssl to a temp dir ($(SSLDIR)/base)
on a build machine and then copying it to the target machine
(/usr/bin). In my makefile I have:

     ./Configure fips no-asm no-hw shared --prefix="/usr"
--openssldir="$(SSLDIR)/base" --with-fipsdir="$(SSLDIR)/fips"
$(CROSS) && \
     $(MAKE) && \
     $(MAKE) install_sw INSTALLTOP="$(SSLDIR)/base"

but when I run openssl on the target I get this:

# openssl
WARNING: can't open config file: <long path>/openssl.cnf
OpenSSL>

The --prefix="/usr" switch tells openssl where to find the libs etc.
Is there a similar switch to tell it where to find the config file?
I tried export OPENSSL_CONF="/usr" before the Configure in my
makefile but it didn't do anything...


Does that "<long path>" correspond to $(SSLDIR)/base?
I'd suggest trying leaving everything pointing to where it should go on the target system and using --install_prefix for the temp directory location or 
doing make install_sw INSTALL_PREFIX=/some/path
location.

OK, so now I have:
./Configure fips no-asm no-hw shared --install_prefix="$(SSLDIR)/base" --prefix="/usr" --with-fipsdir="$(SSLDIR)/fips" $(CROSS) && \ 
$(MAKE) && \
$(MAKE) install_sw
but when I run openssl on the target machine I still get the same warning message. 
yes, <long path> == $(SSLDIR)/base.


OK, I just checked this a bit more closely.
You cen see where it expects to fine openssl.cnf by checking OPENSSLDIR in 
Makefile.
If that isn't an appropriate location you can set --openssldir to the path to 
the directory on the target system it should appear in.

Well I checked Makefile and on line 32 it says:
OPENSSLDIR=/usr/ssl
but when I run it on the target it's still looking in the install_prefix dir...
After further experimentation, it appears that --openssldir defines where the default openssl.cnf gets put at build time, but the openssl tool looks for it in INSTALL_PREFIX. Is that correct? 


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to