Re: PRNG not available when multiple providers are configured?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 03/11/2020 18:03, Tomas Mraz wrote:
> On Tue, 2020-11-03 at 15:13 +0000, Matt Caswell wrote:
>>
>> The reasons are a little complicated (see below) but the TL;DR
>> summary
>> is that there is an error in your config file. The ".include" line
>> should specify a config file relative to OPENSSLDIR (or
>> OPENSSL_CONF_INCLUDE if it is set). It cannot be an absolute path,
>> and
>> hence fips.cnf is not being found.
>>
>> I've seen this error a few times now so I'm thinking that we should
>> perhaps allow absolute paths. I'm not sure what the reason for
>> disallowing them was.
> 
> This is actually a regression. The absolute paths worked fine in 1.1.1
> but it is also not clear to me why an absolute path would not work even
> with the current master unless you set OPENSSL_CONF_INCLUDE. The
> OPENSSL_CONF_INCLUDE is unconditionally prepended to the include path
> so that is the reason why absolute paths do not work properly if you
> set OPENSSL_CONF_INCLUDE.
> 

This is indeed the case in my environment. I did have
OPENSSL_CONF_INCLUDE set - but I would expect an absolute path to
override it.

Matt



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux