On Wed, Apr 03, 2019 at 11:23:19PM +0200, Cyril Brulebois wrote: > 1726 write(2, "Disabling SSL due to encountered errors.\n", 41) = 41
Looking at the source, about the only reason I can see to get that is that SSL_CTX_new() failed. If I understand correctly, it's actually a change in libcrypto between 1.1.1a and 1.1.1b? The most likely commit to change behaviour seems to be: commit 25eb9299cec4404a4cdf3167056bd147af2582f3 Author: Viktor Dukhovni <[email protected]> Date: Tue Jan 1 02:53:24 2019 -0500 More configurable crypto and ssl library initialization 1. In addition to overriding the default application name, one can now also override the configuration file name and flags passed to CONF_modules_load_file(). 2. By default we still keep going when configuration file processing fails. But, applications that want to be strict about initialization errors can now make explicit flag choices via non-null OPENSSL_INIT_SETTINGS that omit the CONF_MFLAGS_IGNORE_RETURN_CODES flag (which had so far been both undocumented and unused). 3. In OPENSSL_init_ssl() do not request OPENSSL_INIT_LOAD_CONFIG if the options already include OPENSSL_INIT_NO_LOAD_CONFIG. 4. Don't set up atexit() handlers when called with opts equal to OPENSSL_INIT_BASE_ONLY (this flag should only be used alone). Reviewed-by: Bernd Edlinger <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/7969) But the commit message at least indicates that it should just continue. wget in buster actually seems to be linked to gnutls, and trying other applications just seem to work without config file. Kurt
