> While on the subject, cert generation steps in the isakmpd(8) manual are > also broken by this. It's absolutely right IMHO that the library should not > honour these variables, but can anyone comment on how difficult/desirable > it would be for the openssl(1) tool to handle these internally?
There should be an API to do help. It looks like we have a brave new generation of developers who were not taught the old lessons about what to not pass in environment variables.