Re: test make_verify fails on brand new red hat enterprise 7 box

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


So what does your certs/demo directory look like? Do you have the
necessary symbolic links (created during "make" somewhere I think).


Links are missing. 

The problem has something to do with the default path to openssl.conf. In my case it is based on the build prefix I used.
If the path does not exist, make rehash will create links happily.
If the dir exists but my build account does not have access permissions, make rehash is unhappy and refuses to create links.

rm rehash.time
make rehash

Doing certs/demo
140097379800768:error:0200100D:system library:fopen:Permission denied:bss_file.c:175:fopen('/usr/local/.../openssl/ssl/openssl.cnf','rb')
140097379800768:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:184:
140097379800768:error:0E078002:configuration file routines:DEF_LOAD:system lib:conf_def.c:203:
140367544841920:error:0200100D:system library:fopen:Permission denied:bss_file.c:175:fopen('/usr/local/.../openssl/ssl/openssl.cnf','rb')
140367544841920:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:184:
140367544841920:error:0E078002:configuration file routines:DEF_LOAD:system lib:conf_def.c:203:
WARNING: Skipping duplicate certificate dsa-ca.pem
140697328998080:error:0200100D:system library:fopen:Permission denied:bss_file.c:175:fopen('/usr/local/.../openssl/ssl/openssl.cnf','rb')
140697328998080:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:184:
140697328998080:error:0E078002:configuration file routines:DEF_LOAD:system lib:conf_def.c:203:
WARNING: Skipping duplicate certificate dsa-pca.pem
139717812614848:error:0200100D:system library:fopen:Permission denied:bss_file.c:175:fopen('/usr/local/.../openssl/ssl/openssl.cnf','rb')
139717812614848:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:184:
139717812614848:error:0E078002:configuration file routines:DEF_LOAD:system lib:conf_def.c:203:
WARNING: Skipping duplicate certificate pca-cert.pem



I don't know why openssl handles both errors in a different way. In general the build does not care about the inaccessible config. That behavior suits me.

Maybe the build should detect the problem with make rehash. Or force an OPENSSL_CONF value that will make it happy. Here's the workaround I applied to my build script.

...
rm rehash.time
make OPENSSL_CONF= rehash

make test


Problem nailed. Thank you for your help! 

 
--
Philippe Anctil
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux