This looks like you're actually trying to use the config file for
OpenSSL-3.0 with OpenSSL-1.1.1 which does not understand the providers
module and tries to load it as a conf shared library module.

I'd suggest using different --openssldir= when configuring the openssl-
3.0 build if you need both openssl-3.0 and openssl-1.1.1 in your

Tomas Mraz

On Thu, 2022-10-20 at 05:26 +0000, Gahlot, Ashish Kumar wrote:
> Hi everyone,
> I'm trying to enable fips provider in openssl3 by writing the
> following lines into openssl.cnf file:
> openssl_conf = openssl_init
> .include fipsmodule.cnf
> [openssl_init]
> providers = provider_sect
> [provider_sect]
> fips = fips_sect
> base = base_sect
> [base_sect]
> activate = 1
> Now when it is enabled, there is an error in syslog that
> file not found:
> DSO support routines:dlfcn_load:could not load the shared
> library:crypto/dso/dso_dlfcn.c:118:filename(
> cannot open shared object file: No such file or
> directory
> 140666570000192:error:25070067:DSO support routines:DSO_load:could
> not load the shared library:crypto/dso/dso_lib.c:162:
> 140666570000192:error:0E07506E:configuration file
> routines:module_load_dso:error loading
> dso:crypto/conf/conf_mod.c:224:module=providers, path=providers
> 140666570000192:error:0E076071:configuration file
> routines:module_run:unknown module
> name:crypto/conf/conf_mod.c:165:module=providers
> And this seems to be a common issue in openssl3. I have seen
> solutions like commenting outprovider_sect but I think I would need
> it to enable fips provider. Is there any working solution for this?
> Thank you,
> Ashish 
> Notice: This e-mail together with any attachments may contain
> information of Ribbon Communications Inc. and its Affiliates that is
> confidential and/or proprietary for the sole use of the intended
> recipient. Any review, disclosure, reliance or distribution by others
> or forwarding without express permission is strictly prohibited. If
> you are not the intended recipient, please notify the sender
> immediately and then delete all copies, including any attachments.

Tomáš Mráz, OpenSSL

Reply via email to