> As I mentioned earlier, OpenSSL has no issues with this, but LibreSSL
> picks up an error.  The error is probably right in front of my eyes, but
> I cannot find it.  What am I doing wrong?

ENV support was removed entirely.

A few people found convenient ways to use that hack.  

However, the support is baked in -- unavoidable -- and occurs in all
library use-contexts. In some of those contexts, this environment
variable support is super dangerous.

Since we cannot toggle support on & off based upon the usage case and
provide selective security -- the support was removed.

Imagine if libc had a pile of environment variables that behaved like
this.  If the practice is unsafe in a library like libc, then it
should be looked at with an equally critical eye in a library used for
security purposes...
