On 25/01/13 15:39, Dr. Stephen Henson wrote:
On Fri, Jan 25, 2013, T J wrote:

It seems the path to the config file is hardcoded into the openssl
executable at compile time based on the install dir and the only way
to change it is by setting the environment variable OPENSSL_CONF. I
don't have that option.

In my setup, I am installing openssl to a temp dir ($(SSLDIR)/base)
on a build machine and then copying it to the target machine
(/usr/bin). In my makefile I have:

     ./Configure fips no-asm no-hw shared --prefix="/usr" \
         --openssldir="$(SSLDIR)/base" --with-fipsdir="$(SSLDIR)/fips" \
         $(CROSS) && \
     $(MAKE) && \
     $(MAKE) install_sw INSTALLTOP="$(SSLDIR)/base"

but when I run openssl on the target I get this:

# openssl
WARNING: can't open config file: <long path>/openssl.cnf
OpenSSL>

The --prefix="/usr" switch tells openssl where to find the libs etc.
Is there a similar switch to tell it where to find the config file?
I tried export OPENSSL_CONF="/usr" before the Configure in my
makefile but it didn't do anything...

Does that "<long path>" correspond to $(SSLDIR)/base?

I'd suggest trying leaving everything pointing to where it should go on the
target system and using --install_prefix for the temp directory location or
doing make install_sw INSTALL_PREFIX=/some/path location.

OK, so now I have:

     ./Configure fips no-asm no-hw shared \
         --install_prefix="$(SSLDIR)/base" --prefix="/usr" \
         --with-fipsdir="$(SSLDIR)/fips" $(CROSS) && \
     $(MAKE) && \
     $(MAKE) install_sw

but when I run openssl on the target machine I still get the
same warning message.
yes, <long path> == $(SSLDIR)/base.

OK, I just checked this a bit more closely.

You can see where it expects to find openssl.cnf by checking OPENSSLDIR in
Makefile.

If that isn't an appropriate location you can set --openssldir to the path to
the directory on the target system it should appear in.

Well I checked Makefile and on line 32 it says:
OPENSSLDIR=/usr/ssl
but when I run it on the target it's still looking in the
install_prefix dir...

After further experimentation, it appears that --openssldir defines
where the default openssl.cnf gets put at build time, but the
openssl tool looks for it in INSTALL_PREFIX. Is that correct?

It should be the other way round. The --openssldir should indicate the
directory openssl.cnf is located on the target system while INSTALL_PREFIX is
the location where things get installed on the host system.

What does "openssl version -d" show on the target?


openssl version -d shows the INSTALL_PREFIX directory == $(SSLDIR)/base.

OpenSSL> version -d
OPENSSLDIR: "/home/tjordan/workspace/myproject/current/appfs/openssl/build/base"
OpenSSL>

If I set --openssldir="/usr/bin", I see openssl.cnf gets put into:
$(SSLDIR)/base/usr/bin
whereas if I don't put in the --openssldir switch at all (as above) it gets put
into:
$(SSLDIR)/base/usr/ssl
Either way it looks for it in "$(SSLDIR)/base" which of course doesn't exist on
the target.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
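
A check for the symptom discussed in this thread, as an added example that is not part of the original messages: it parses the `OPENSSLDIR: "..."` line printed by `openssl version -d` and verifies that the compiled-in directory and its `openssl.cnf` exist under a given root. The function names and the optional staging-root argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and the optional
# staging-root argument are assumptions of this example.

# Print the path from a line of the form: OPENSSLDIR: "/some/dir"
parse_openssldir() {
    printf '%s\n' "$1" | sed -n 's/^OPENSSLDIR: "\(.*\)"$/\1/p'
}

# check_openssldir <output of "openssl version -d"> [root]
# root is empty on the live target, or a staged root filesystem on the host.
# Returns 0 if <root><OPENSSLDIR>/openssl.cnf is readable,
#         1 if the directory or the file is missing,
#         2 if the output could not be parsed.
check_openssldir() {
    dir=$(parse_openssldir "$1")
    root=${2:-}
    if [ -z "$dir" ]; then
        echo "cannot parse OPENSSLDIR from: $1" >&2
        return 2
    fi
    if [ ! -d "$root$dir" ]; then
        echo "compiled-in OPENSSLDIR $dir does not exist under '${root:-/}'" >&2
        return 1
    fi
    if [ ! -r "$root$dir/openssl.cnf" ]; then
        echo "no readable openssl.cnf in $root$dir" >&2
        return 1
    fi
    echo "ok: $root$dir/openssl.cnf"
    return 0
}

# Usage on the target:            check_openssldir "$(openssl version -d)"
# Usage against a staged rootfs:  check_openssldir "$saved_output" /path/to/rootfs
```

Running it against the staged tree before copying to the target catches a build-host path baked into the binary, which is the case `version -d` revealed above.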
