Re: [openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found
Hello all, Some engines configure themselves using config, so absence of config can mean non-functional engine. On Thu, May 28, 2015 at 3:36 PM, Short, Todd via RT r...@openssl.org wrote: The parameters in the configuration file, in general, apply only to certificate operations. The openssl application does way more than certificate operations, and seeing a warning for a configuration file that has no impact on the operation being performed is annoying. Rather than completely remove the warning, I would instead suggest that the warning only be issued for certain commands that may use parameters from the configuration file. -- -Todd Short // tsh...@akamai.commailto:tsh...@akamai.com // “One if by land, two if by sea, three if by the Internet. On May 28, 2015, at 8:19 AM, Blumenthal, Uri - 0553 - MITLL u...@ll.mit.edumailto:u...@ll.mit.edu wrote: If I want and expect openssl to use a config file, and it did not find it - it's darn useful for me to be informed of that fact by openssl. - Original Message - From: Rich Salz via RT [mailto:r...@openssl.org] Sent: Wednesday, May 27, 2015 08:44 PM To: tsh...@akamai.commailto:tsh...@akamai.com tsh...@akamai.commailto: tsh...@akamai.com Cc: openssl-dev@openssl.orgmailto:openssl-dev@openssl.org openssl-dev@openssl.orgmailto:openssl-dev@openssl.org Subject: [openssl-dev] [openssl.orghttp://openssl.org #3876] [PATCH] Do not complain if config file not found Because it goes ahead and proceeds. Not it is explicit testing ENOTFOUND. It should either error+exit or not complain. I can be convinced the current behavior is useful. -- Rich Salz, OpenSSL dev team; rs...@openssl.orgmailto:rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev -- SY, Dmitry Belyavsky ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found
fixed on master: commit cc01d21756cc9c79231ef21039782c5fe42008a2 Author: Rich Salz rs...@akamai.com Date: Thu May 28 13:52:55 2015 -0400 RT3876: Only load config when needed Create app_load_config(), a routine to load config file. Remove the always load config from the main app. Change the places that used to load config to call the new common routine. Reviewed-by: Richard Levitte levi...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found
Todd, I agree. Have the warning only where it matters (but have it there). From: Short, Todd [mailto:tsh...@akamai.com] Sent: Thursday, May 28, 2015 08:25 AM To: Blumenthal, Uri - 0553 - MITLL Cc: r...@openssl.org r...@openssl.org; openssl-dev@openssl.org openssl-dev@openssl.org Subject: Re: [openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found The parameters in the configuration file, in general, apply only to certificate operations. The openssl application does way more than certificate operations, and seeing a warning for a configuration file that has no impact on the operation being performed is annoying. Rather than completely remove the warning, I would instead suggest that the warning only be issued for certain commands that may use parameters from the configuration file. -- -Todd Short // tsh...@akamai.commailto:tsh...@akamai.com // “One if by land, two if by sea, three if by the Internet. On May 28, 2015, at 8:19 AM, Blumenthal, Uri - 0553 - MITLL u...@ll.mit.edumailto:u...@ll.mit.edu wrote: If I want and expect openssl to use a config file, and it did not find it - it's darn useful for me to be informed of that fact by openssl. - Original Message - From: Rich Salz via RT [mailto:r...@openssl.org] Sent: Wednesday, May 27, 2015 08:44 PM To: tsh...@akamai.commailto:tsh...@akamai.com tsh...@akamai.commailto:tsh...@akamai.com Cc: openssl-dev@openssl.orgmailto:openssl-dev@openssl.org openssl-dev@openssl.orgmailto:openssl-dev@openssl.org Subject: [openssl-dev] [openssl.orghttp://openssl.org #3876] [PATCH] Do not complain if config file not found Because it goes ahead and proceeds. Not it is explicit testing ENOTFOUND. It should either error+exit or not complain. I can be convinced the current behavior is useful. -- Rich Salz, OpenSSL dev team; rs...@openssl.orgmailto:rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found
If I want and expect openssl to use a config file, and it did not find it - it's darn useful for me to be informed of that fact by openssl. - Original Message - From: Rich Salz via RT [mailto:r...@openssl.org] Sent: Wednesday, May 27, 2015 08:44 PM To: tsh...@akamai.com tsh...@akamai.com Cc: openssl-dev@openssl.org openssl-dev@openssl.org Subject: [openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found Because it goes ahead and proceeds. Not it is explicit testing ENOTFOUND. It should either error+exit or not complain. I can be convinced the current behavior is useful. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found
If I want and expect openssl to use a config file, and it did not find it - it's darn useful for me to be informed of that fact by openssl. - Original Message - From: Rich Salz via RT [mailto:r...@openssl.org] Sent: Wednesday, May 27, 2015 08:44 PM To: tsh...@akamai.com tsh...@akamai.com Cc: openssl-dev@openssl.org openssl-dev@openssl.org Subject: [openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found Because it goes ahead and proceeds. Not it is explicit testing ENOTFOUND. It should either error+exit or not complain. I can be convinced the current behavior is useful. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found
The parameters in the configuration file, in general, apply only to certificate operations. The openssl application does way more than certificate operations, and seeing a warning for a configuration file that has no impact on the operation being performed is annoying. Rather than completely remove the warning, I would instead suggest that the warning only be issued for certain commands that may use parameters from the configuration file. -- -Todd Short // tsh...@akamai.commailto:tsh...@akamai.com // “One if by land, two if by sea, three if by the Internet. On May 28, 2015, at 8:19 AM, Blumenthal, Uri - 0553 - MITLL u...@ll.mit.edumailto:u...@ll.mit.edu wrote: If I want and expect openssl to use a config file, and it did not find it - it's darn useful for me to be informed of that fact by openssl. - Original Message - From: Rich Salz via RT [mailto:r...@openssl.org] Sent: Wednesday, May 27, 2015 08:44 PM To: tsh...@akamai.commailto:tsh...@akamai.com tsh...@akamai.commailto:tsh...@akamai.com Cc: openssl-dev@openssl.orgmailto:openssl-dev@openssl.org openssl-dev@openssl.orgmailto:openssl-dev@openssl.org Subject: [openssl-dev] [openssl.orghttp://openssl.org #3876] [PATCH] Do not complain if config file not found Because it goes ahead and proceeds. Not it is explicit testing ENOTFOUND. It should either error+exit or not complain. I can be convinced the current behavior is useful. -- Rich Salz, OpenSSL dev team; rs...@openssl.orgmailto:rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found
The parameters in the configuration file, in general, apply only to certificate operations. The openssl application does way more than certificate operations, and seeing a warning for a configuration file that has no impact on the operation being performed is annoying. Rather than completely remove the warning, I would instead suggest that the warning only be issued for certain commands that may use parameters from the configuration file. -- -Todd Short // tsh...@akamai.commailto:tsh...@akamai.com // “One if by land, two if by sea, three if by the Internet. On May 28, 2015, at 8:19 AM, Blumenthal, Uri - 0553 - MITLL u...@ll.mit.edumailto:u...@ll.mit.edu wrote: If I want and expect openssl to use a config file, and it did not find it - it's darn useful for me to be informed of that fact by openssl. - Original Message - From: Rich Salz via RT [mailto:r...@openssl.org] Sent: Wednesday, May 27, 2015 08:44 PM To: tsh...@akamai.commailto:tsh...@akamai.com tsh...@akamai.commailto:tsh...@akamai.com Cc: openssl-dev@openssl.orgmailto:openssl-dev@openssl.org openssl-dev@openssl.orgmailto:openssl-dev@openssl.org Subject: [openssl-dev] [openssl.orghttp://openssl.org #3876] [PATCH] Do not complain if config file not found Because it goes ahead and proceeds. Not it is explicit testing ENOTFOUND. It should either error+exit or not complain. I can be convinced the current behavior is useful. -- Rich Salz, OpenSSL dev team; rs...@openssl.orgmailto:rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found
Todd, I agree. Have the warning only where it matters (but have it there). From: Short, Todd [mailto:tsh...@akamai.com] Sent: Thursday, May 28, 2015 08:25 AM To: Blumenthal, Uri - 0553 - MITLL Cc: r...@openssl.org r...@openssl.org; openssl-dev@openssl.org openssl-dev@openssl.org Subject: Re: [openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found The parameters in the configuration file, in general, apply only to certificate operations. The openssl application does way more than certificate operations, and seeing a warning for a configuration file that has no impact on the operation being performed is annoying. Rather than completely remove the warning, I would instead suggest that the warning only be issued for certain commands that may use parameters from the configuration file. -- -Todd Short // tsh...@akamai.commailto:tsh...@akamai.com // “One if by land, two if by sea, three if by the Internet. On May 28, 2015, at 8:19 AM, Blumenthal, Uri - 0553 - MITLL u...@ll.mit.edumailto:u...@ll.mit.edu wrote: If I want and expect openssl to use a config file, and it did not find it - it's darn useful for me to be informed of that fact by openssl. - Original Message - From: Rich Salz via RT [mailto:r...@openssl.org] Sent: Wednesday, May 27, 2015 08:44 PM To: tsh...@akamai.commailto:tsh...@akamai.com tsh...@akamai.commailto:tsh...@akamai.com Cc: openssl-dev@openssl.orgmailto:openssl-dev@openssl.org openssl-dev@openssl.orgmailto:openssl-dev@openssl.org Subject: [openssl-dev] [openssl.orghttp://openssl.org #3876] [PATCH] Do not complain if config file not found Because it goes ahead and proceeds. Not it is explicit testing ENOTFOUND. It should either error+exit or not complain. I can be convinced the current behavior is useful. -- Rich Salz, OpenSSL dev team; rs...@openssl.orgmailto:rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found
If the environment variable OPENSSL_CNF points to non-existing file a warning seems also being informative. /Ann. Am 28.05.2015 um 14:25 schrieb Short, Todd: The parameters in the configuration file, in general, apply only to certificate operations. The openssl application does way more than certificate operations, and seeing a warning for a configuration file that has no impact on the operation being performed is annoying. Rather than completely remove the warning, I would instead suggest that the warning only be issued for certain commands that may use parameters from the configuration file. -- -Todd Short // tsh...@akamai.com mailto:tsh...@akamai.com // “One if by land, two if by sea, three if by the Internet. On May 28, 2015, at 8:19 AM, Blumenthal, Uri - 0553 - MITLL u...@ll.mit.edu mailto:u...@ll.mit.edu wrote: If I want and expect openssl to use a config file, and it did not find it - it's darn useful for me to be informed of that fact by openssl. - Original Message - From: Rich Salz via RT [mailto:r...@openssl.org] Sent: Wednesday, May 27, 2015 08:44 PM To: tsh...@akamai.com mailto:tsh...@akamai.com tsh...@akamai.com mailto:tsh...@akamai.com Cc: openssl-dev@openssl.org mailto:openssl-dev@openssl.org openssl-dev@openssl.org mailto:openssl-dev@openssl.org Subject: [openssl-dev] [openssl.org http://openssl.org #3876] [PATCH] Do not complain if configfile not found Because it goes ahead and proceeds. Not it is explicit testing ENOTFOUND. It should either error+exit or not complain. I can be convinced the current behavior is useful. -- Rich Salz, OpenSSL dev team; rs...@openssl.org mailto:rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev https://mta.openssl.org/mailman/listinfo/openssl-dev ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found
My suggestion is, at least for 1.1 (but I don't see why this can't be ported down to 1.0.2 and 1.0.1) remove the config loading code from openssl.c:main() and add the same code in req.c as you can find in ts.c or srp.c... possibly refactoring that code into a helper function in apps.c. Yes, we agree. At least for master; see how painful the cherry-pick back would be. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found
On Thu May 28 02:44:11 2015, rsalz wrote: Because it goes ahead and proceeds. Not it is explicit testing ENOTFOUND. It should either error+exit or not complain. I can be convinced the current behavior is useful. -- Rich Salz, OpenSSL dev team; rs...@openssl.org The current behavior is useful with the commands that actually use the configuration file. Those are ca, req, srp and ts, and except for req, they're all loading the default config file on their own, completely ignoring the fact that openssl.c:main() has already done so. My suggestion is, at least for 1.1 (but I don't see why this can't be ported down to 1.0.2 and 1.0.1) remove the config loading code from openssl.c:main() and add the same code in req.c as you can find in ts.c or srp.c... possibly refactoring that code into a helper function in apps.c. -- Richard Levitte levi...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found
Hello OpenSSL Org: This is a change that Akamai has made to its implementation of OpenSSL. Version: master branch Description: Do not complain if config file not found Remove warning when OpenSSL config file can't be found Github link: https://github.com/akamai/openssl/commit/48ad3880d3247063098d1d2b0aa4e362c4b9d996 And attachment. Thank you. -- -Todd Short // tsh...@akamai.com // “One if by land, two if by sea, three if by the Internet.” 0019-Do-not-complain-if-config-file-not-found.patch Description: Binary data ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found
Because it goes ahead and proceeds. Not it is explicit testing ENOTFOUND. It should either error+exit or not complain. I can be convinced the current behavior is useful. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found
I'll let the original author (Rich Salz, cc'd), explain. -- -Todd Short // tsh...@akamai.com // Sent from my iPhone // One if by land, two if by sea, three if by the Internet. On May 27, 2015, at 6:40 PM, Daniel Kahn Gillmor via RT r...@openssl.org wrote: On Wed 2015-05-27 16:32:45 -0400, Short, Todd via RT wrote: This is a change that Akamai has made to its implementation of OpenSSL. Version: master branch Description: Do not complain if config file not found Remove warning when OpenSSL config file can't be found Github link: https://github.com/akamai/openssl/commit/48ad3880d3247063098d1d2b0aa4e362c4b9d996 Why? Is this warning no longer relevant? --dkg ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found
On Wed 2015-05-27 16:32:45 -0400, Short, Todd via RT wrote: This is a change that Akamai has made to its implementation of OpenSSL. Version: master branch Description: Do not complain if config file not found Remove warning when OpenSSL config file can't be found Github link: https://github.com/akamai/openssl/commit/48ad3880d3247063098d1d2b0aa4e362c4b9d996 Why? Is this warning no longer relevant? --dkg ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev