On Fri, Jan 25, 2013, T J wrote: > > >>>>>>It seems the path to the config file is hardcoded into the openssl > >>>>>>executable at compile time based on the install dir and the only way > >>>>>>to change it is by setting the environment variable OPENSSL_CONF. I > >>>>>>don't have that option. > >>>>>> > >>>>>>In my setup, I am installing openssl to a temp dir ($(SSLDIR)/base) > >>>>>>on a build machine and then copying it to the target machine > >>>>>>(/usr/bin). In my makefile I have: > >>>>>> > >>>>>> ./Configure fips no-asm no-hw shared --prefix="/usr" > >>>>>>--openssldir="$(SSLDIR)/base" --with-fipsdir="$(SSLDIR)/fips" > >>>>>>$(CROSS) && \ > >>>>>> $(MAKE) && \ > >>>>>> $(MAKE) install_sw INSTALLTOP="$(SSLDIR)/base" > >>>>>> > >>>>>>but when I run openssl on the target I get this: > >>>>>> > >>>>>># openssl > >>>>>>WARNING: can't open config file: <long path>/openssl.cnf > >>>>>>OpenSSL> > >>>>>> > >>>>>>The --prefix="/usr" switch tells openssl where to find the libs etc. > >>>>>>Is there a similar switch to tell it where to find the config file? > >>>>>>I tried export OPENSSL_CONF="/usr" before the Configure in my > >>>>>>makefile but it didn't do anything... > >>>>>> > >>>>Does that "<long path>" correspond to $(SSLDIR)/base? > >>>> > >>>>I'd suggest trying leaving everything pointing to where it > >>>>should go on the > >>>>target system and using --install_prefix for the temp > >>>>directory location or > >>>>doing make install_sw INSTALL_PREFIX=/some/path > >>>>location. > >>>OK, so now I have: > >>> > >>>./Configure fips no-asm no-hw shared > >>>--install_prefix="$(SSLDIR)/base" --prefix="/usr" > >>>--with-fipsdir="$(SSLDIR)/fips" $(CROSS) && \ > >>>$(MAKE) && \ > >>>$(MAKE) install_sw > >>> > >>>but when I run openssl on the target machine I still get the > >>>same warning message. > >>>yes, <long path> == $(SSLDIR)/base. > >>> > >>OK, I just checked this a bit more closely. > >> > >>You cen see where it expects to fine openssl.cnf by checking > >>OPENSSLDIR in > >>Makefile. > >> > >>If that isn't an appropriate location you can set --openssldir > >>to the path to > >>the directory on the target system it should appear in. > >Well I checked Makefile and on line 32 it says: > >OPENSSLDIR=/usr/ssl > >but when I run it on the target it's still looking in the > >install_prefix dir... > > > > After further experimentation, it appears that --openssldir defines > where the default openssl.cnf gets put at build time, but the > openssl tool looks for it in INSTALL_PREFIX. Is that correct? >
It should be the other way round. The --openssldir should indicate the directory openssl.cnf is located on the target system while INSTALL_PREFIX is the location where things get installed on the host system. What does "openssl version -d" shows on the target? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org