On 27 Dec 2023, at 15:48, Tomas Mraz <tm@xxxxxxxx> wrote:
I understand from https://www.openssl.org/docs/man3.0/man7/ossl_store-file.html that “Support for the ‘file’ scheme is built into libcrypto.”, so in theory, yes, the default or base provider should be loaded, but in practice, from the debug trace below, no. I am using openssl-3.0.7-24.el9.x86_64 as packaged in RHEL9. Stepping through the openssl code, it seems the default “file” is not present; is this expected? I’ve tried both “/tmp/seawitch.pem” and “file:///tmp/seawitch.pem”; both show the same problem.

Thread 9 "ns-slapd" hit Breakpoint 1, OSSL_STORE_open (uri=0x7faef3c02fc0 "/tmp/seawitch.pem", ui_method=0x0, ui_data=0x0, post_process=0x0, post_process_data=0x0) at crypto/store/store_lib.c:224
224 {
(gdb) next
225 return OSSL_STORE_open_ex(uri, NULL, NULL, ui_method, ui_data, NULL,
(gdb) step
OSSL_STORE_open_ex (uri=0x7faef3c02fc0 "/tmp/seawitch.pem", libctx=libctx@entry=0x0, propq=propq@entry=0x0, ui_method=0x0, ui_data=0x0, params=params@entry=0x0, post_process=0x0, post_process_data=0x0) at crypto/store/store_lib.c:68
68 {
(gdb) next
84 schemes[schemes_n++] = "file";
(gdb)
93 OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
(gdb)
94 if ((p = strchr(scheme_copy, ':')) != NULL) {
(gdb) print scheme_copy
$1 = "/tmp/seawitch.pem\000\037\365\256\177\000\000\370\353\037\365\256\177\000\000\250\355\037\365\256\177\000\000\370\353\037\365\256\177\000\000`\322\037\365\256\177\000\000\000\274\315\363\256\177\000\000\300\350\aI\257\177\000\000\370\353\037\365\256\177\000\000K\276\024H\257\177\000\000\313\064\000H\257\177\000\000@b\301\363\256\177\000\000 )\300\363\256\177\000\000\000\000\000\000\000\000\000\000x7\000H\257\177\000\000\203\264\023H\257\177\000\000\000\000\000\000\000\000\000\000\023\000\000\000\000\000\000\000 )\300\363\256\177\000\000\000\000\000\000\000\000\000\000\255\r\001H\257\177\000\000 *\300\363\256\177\000\000t'\300\363\256\177\000\000\340\016\317\363\256\177\000\000"...
(gdb) next
103 ERR_set_mark();
(gdb)
113 for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
(gdb)
117 if ((loader = ossl_store_get0_loader_int(scheme)) != NULL) {
(gdb) print scheme
$2 = 0x7faf48132c30 "file"
(gdb) next
126 if (loader == NULL
(gdb)
129 const OSSL_PROVIDER *provider =
(gdb)
131 void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider);
(gdb)
134 loader_ctx = fetched_loader->p_open(provctx, uri);
(gdb)
135 if (loader_ctx == NULL) {
(gdb)
136 OSSL_STORE_LOADER_free(fetched_loader);
(gdb)
148 if (no_loader_found)
(gdb)
157 if (loader_ctx == NULL)
(gdb)
195 ERR_clear_last_mark();
(gdb)
196 if (loader_ctx != NULL) {
(gdb)
214 OSSL_STORE_LOADER_free(fetched_loader);
(gdb)
215 OPENSSL_free(propq_copy);
(gdb)
216 OPENSSL_free(ctx);
(gdb)
tlso_ctx_init (lo=0x7faef3c00460, lt=0x7faef51fd910, is_server=0, errmsg=0x7faef51fd9f0 "") at tls_o.c:627
627 if (!sctx) {

Regards,
Graham
—