https://bz.apache.org/bugzilla/show_bug.cgi?id=65344

            Bug ID: 65344
           Summary: OpenSSL configuration
           Product: Tomcat Native
           Version: unspecified
          Hardware: PC
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Library
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

A potential improvement in the OpenSSL interaction might be to enable OpenSSL
configuration:

In ssl.c, initialization is done with the call:
    OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);

The openssl command in OpenSSL source performs initialization like this:
    OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN |
                     OPENSSL_INIT_LOAD_CONFIG, NULL);

OPENSSL_INIT_LOAD_CONFIG makes the OpenSSL library load its configuration (for
example /etc/ssl/openssl.cnf by default on Ubuntu). The configuration could
also be specified through a path in the OPENSSL_CONF environment variable (that
could be set in setenv.sh in Tomcat for full control over the OpenSSL
configuration).

The ability to configure OpenSSL is important. As an example, some crypto
engines require the engine to be initialized by the client code (others don't).
This can be expressed in the configuration. See the NGINX forum thread related
to this and see how the OpenSSL configuration is relied upon to initialize a
crypto engine, without changing the client code:

https://forum.nginx.org/read.php?29,279575,279905

(A similar enhancement request was initially made as a comment on ticket
#65181.)
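
An added illustration, not part of the original report or of Tomcat Native: a minimal openssl.cnf that makes the library load and initialize an engine when the application passes OPENSSL_INIT_LOAD_CONFIG. The engine id, section names and shared-object path are placeholders.

```ini
# Constructed example: engine id, section names and the .so path are placeholders.
# This line must sit in the default (unnamed) section, before any [section] header.
openssl_conf = openssl_init

[openssl_init]
# Points at the section that lists the engines to configure.
engines = engine_section

[engine_section]
# Left side is a free-form label; right side names the section for that engine.
example = example_engine_section

[example_engine_section]
# Engine name to look up; given first so the commands below apply to it.
engine_id = example_engine
# Shared object implementing the engine (placeholder path).
dynamic_path = /path/to/example_engine.so
# 1 = initialize the engine as soon as the configuration is loaded, so the
# application does not have to call ENGINE_init() itself; 0 = do not initialize.
init = 1
# Register the engine as the default for the algorithms it implements.
default_algorithms = ALL
```

Pointing OPENSSL_CONF at such a file only takes effect once the library is initialized with OPENSSL_INIT_LOAD_CONFIG. Because dynamic_path loads a shared object into the server process, the file and the path it names should be writable only by the account that administers Tomcat.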
