On 03/11/2020 18:03, Tomas Mraz wrote: > On Tue, 2020-11-03 at 15:13 +0000, Matt Caswell wrote: >> >> The reasons are a little complicated (see below) but the TL;DR >> summary >> is that there is an error in your config file. The ".include" line >> should specify a config file relative to OPENSSLDIR (or >> OPENSSL_CONF_INCLUDE if it is set). It cannot be an absolute path, >> and >> hence fips.cnf is not being found. >> >> I've seen this error a few times now so I'm thinking that we should >> perhaps allow absolute paths. I'm not sure what the reason for >> disallowing them was. > > This is actually a regression. The absolute paths worked fine in 1.1.1 > but it is also not clear to me why an absolute path would not work even > with the current master unless you set OPENSSL_CONF_INCLUDE. The > OPENSSL_CONF_INCLUDE is unconditionally prepended to the include path > so that is the reason why absolute paths do not work properly if you > set OPENSSL_CONF_INCLUDE. > This is indeed the case in my environment. I did have OPENSSL_CONF_INCLUDE set - but I would expect an absolute path to override it. Matt
