On Mon, Mar 31, 2014 at 02:13:22PM +0200, Nikos Mavrogiannopoulos wrote:
> This looks indeed cleaner, but based on my understanding of openssl, I
> think the main issues with that are (1) that applications may not call
> OPENSSL_config at all,
Perhaps to deliberately isolate themselves from unintended behaviour.
For example, Postfix requires a default EMPTY list of trusted CAs,
with any CAfile or CApath explicitly specified in the Postfix
main.cf configuration file. It would be unfortunate if some
application independent system-wide configuration file instantiated
a default CAfile or CApath.
> and (2) it is not easy to modify just a single
> section of that file with system scripts (especially since that file is
> expected to be modified manually by the administrator).
This is likely a good thing. Once a default is set, changing it
incompatibly, without explicit knowledge of the likely impact, is
a bad idea. Making non-default settings is up to the system
administrator.
I would be leery of using systems where the distribution vendor
makes incompatible changes to security policy.
> The former can be probably overcome by forcing OPENSSL_config() when the
> cipher string is parsed, and the latter by allowing OPENSSL_config to
> load files from a directory and concatenate them prior to parsing.
> What would you think of such an approach? Any better suggestions?
This too feels like intrusive overreach. What problem are you
trying to solve?
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
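The Postfix stance described above (an empty default trust store, with any CAfile or CApath coming only from the application's own configuration, and nothing inherited from a system-wide OpenSSL config file) can be demonstrated with the following added example. It is not code from the thread, from Postfix or from OpenSSL; it uses Python's standard `ssl` module, which wraps the OpenSSL library, in place of the C API the thread discusses. The function names `build_client_context`, `trusted_ca_count`, `loads_or_fails_closed` and `make_empty_capath` are this example's own, and the empty directory it creates is a constructed stand-in for an administrator-configured CApath.

```python
"""Added example (not from the mailing-list thread): a TLS client whose trust
store holds only what its own configuration names, never a system default.
Python's ``ssl`` module (an OpenSSL wrapper) stands in for the C API here.
All function names below are this example's own."""
import ssl
import tempfile


def build_client_context(cafile=None, capath=None):
    """Return a client context whose X509 store contains only the CAs the
    caller explicitly passed. With neither argument the store stays EMPTY, so
    every peer certificate fails verification (fail closed) instead of the
    application silently trusting whatever a platform or config file set."""
    # ssl.SSLContext() does NOT call load_default_certs(); only
    # ssl.create_default_context() does. This code never calls it either,
    # which is the deliberate isolation the thread talks about.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    if cafile is None and capath is None:
        return ctx  # nothing configured: empty store, verification always fails
    # A configured but unreadable CAfile raises OSError (FileNotFoundError)
    # here; it is left to propagate rather than being swallowed and replaced
    # by some default location the administrator never asked for.
    ctx.load_verify_locations(cafile=cafile, capath=capath)
    return ctx


def trusted_ca_count(ctx):
    """Number of CA certificates currently present in the context's store."""
    return ctx.cert_store_stats()["x509_ca"]


def loads_or_fails_closed(cafile=None, capath=None):
    """True if a context could be built from the given locations, False if
    the configured location was unusable and the error surfaced."""
    try:
        build_client_context(cafile=cafile, capath=capath)
    except OSError:
        return False
    return True


def make_empty_capath():
    """Constructed input: an empty directory standing in for a CApath that
    the administrator configured but has not populated yet."""
    return tempfile.mkdtemp()


if __name__ == "__main__":
    print("no CAfile/CApath configured:", trusted_ca_count(build_client_context()), "CAs")
    print("empty CApath configured    :",
          trusted_ca_count(build_client_context(capath=make_empty_capath())), "CAs")
    print("missing CAfile builds?     :", loads_or_fails_closed(cafile="/nonexistent/ca.pem"))
```

Run stand-alone it reports an empty store in both the unconfigured and empty-CApath cases, and `False` for a CAfile that does not exist: the application either trusts exactly what it was told to trust or refuses to start, and in neither case does a file it never opened decide the trust anchors.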