On Wed, Mar 28, 2012, Sanjay Rai wrote:

> Hi
>   I am having an issue when I try OpenSSL initialization with a corrupt
> configuration file. It basically kills my application, which should not be
> the case. Is there any way I can avoid this?
> 
> Here is how I can repro this issue
> 
> 1-      Create a new file, openssl.cf, with the single entry "aaa". This is
> a corrupt conf file.
> 
> 2-      Set OPENSSL_CONF env for the above file
> 
> 3-      Run the code.
> 
> Result
> The application terminates because there is exit(1) code in the
> "OPENSSL_config()" function.
> Is there any way I can avoid termination of my application and get an error?
> I think it should return an error saying "Initialization failed".
> 
> Code
> void OPENSSL_config(const char *config_name)
>        {
>        if (openssl_configured)
>               return;
> 
>        OPENSSL_load_builtin_modules();
> #ifndef OPENSSL_NO_ENGINE
>        /* Need to load ENGINEs */
>        ENGINE_load_builtin_engines();
> #endif
>        /* Add others here? */
> 
> 
>        ERR_clear_error();
>        if (CONF_modules_load_file(NULL, config_name,
>        CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0)
>               {
>               BIO *bio_err;
>               ERR_load_crypto_strings();
>               if ((bio_err=BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL)
>                      {
>                      BIO_printf(bio_err,"Auto configuration failed\n");
>                      ERR_print_errors(bio_err);
>                      BIO_free(bio_err);
>                      }
>               exit(1);
>               }
> 
>        return;
>        }
> 
> 
> 

The OPENSSL_config() function is a pretty blunt way to configure an
application. It is designed as a KISS interface but it is better than
nothing.

If you want finer control over configuration you can call the
CONF_modules_load_file function directly with more appropriate options
and react in a way better suited to your application.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
