This could be a real bug, a doc bug, or I'm just not getting it.
I'm using "-config" with "openssl req" and "openssl ca" to use an alternate
openssl.cnf file. The command bombs because (being run as non-root) it can't
read the default /etc/pki/tls/openssl.cnf file, since it is owned by root and
mode 600 (CentOS 6.2, openssl 1.0.1e from RPM), and the command is not being
run as root.
My alternate openssl.cnf file is in the current working directory, and I have
tried making the -config argument each of "openssl.cnf", "./openssl.cnf", and
the full absolute path to the file. My file is mode 600 and owned by the user
running the command and has mode 600.
In no case does it complain of not being able to read my file (but maybe it
never gets that far). It complains of not being able to read the default file.
So, does -config *NOT* suppress reading of the default file (the man page
implies that it does)? Have I missed an option for suppressing it?
Is this a bug, a local installation problem, or could the documentation use
improvement?
Here's an example of a failing command:
(imposter)[ imposter@imposter_bill ~/imposter/non-git/CA ]
$ openssl req -config /home/imposter/imposter/non-git/CA/openssl.cnf -newkey rsa -nodes -keyout localhost.key -out localhost.csr
140615126005576:error:0200100D:system library:fopen:Permission denied:bss_file.c:169:fopen('/etc/pki/tls/openssl.cnf','rb')
140615126005576:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:174:
140615126005576:error:0E078002:configuration file routines:DEF_LOAD:system lib:conf_def.c:199:
(imposter)[ imposter@imposter_bill ~/imposter/non-git/CA ]
$