On Mon, 22 Jul 2019 21:17:01 +0200,
Blumenthal, Uri - 0553 - MITLL wrote:
>
> Turned out the failure was my misconfiguration - but the "config"
> man page doesn't seem to describe the *exact* order of the
> statements/sections.
It does, but perhaps not in a way you expected. Here's a paragraph
from config(5), about the so called default section:
The first section of a configuration file is special and is referred to
as the default section. This section is usually unnamed and spans from
the start of file until the first named section. When a name is being
looked up it is first looked up in a named section (if any) and then
the default section.
"start of the file until the first section" is key. This is found
fairly early in the description.
And then, early in "OPENSSL_LIBRARY CONFIGURATION":
To enable library configuration the default section needs to contain an
appropriate line which points to the main configuration section. The
default name is openssl_conf which is used by the openssl utility.
Other applications may use an alternative name such as
myapplication_conf. All library configuration lines appear in the
default section at the start of the configuration file.
"the default section" is key.
So the "openssl_conf = openssl_init" line must be early in the config
file. The order of the different named sections doesn't (or
shouldn't) really matter.
Cheers,
Richard
--
Richard Levitte levitte@xxxxxxxxxxx
OpenSSL Project http://www.openssl.org/~levitte/
