Discussion:
[openssl-users] WARNING message "can't open config file” when running openssl command
(too old to reply)
Yan, Bob
2016-02-04 17:36:46 UTC
Permalink
Hi All,

I downloaded openssl 1.0.2e source files and built it in a Linux server. It seems everything working fine except there is a WARNING message, “can't open config file” always shown on screen when I run openssl command, see below for detail:

$ openssl x509 -in cert.pem -noout -text
$ WARNING: can't open config file: /usr/local/ssl/openssl.cnf

How can I eliminate this WARNING message even though the “/usr/local/ssl/openssl.cnf” file does not exist?

Thanks
Bob
Salz, Rich
2016-02-04 18:41:11 UTC
Permalink
Post by Yan, Bob
$ openssl x509 -in cert.pem -noout -text
$ WARNING: can't open config file: /usr/local/ssl/openssl.cnf
How can I eliminate this WARNING message even though the “/usr/local/ssl/openssl.cnf” file does not exist?
Among other options, "OPENSSL_CONF=/dev/null ; export OPENSSL_CONF"
Yan, Bob
2016-02-04 18:52:19 UTC
Permalink
Hi Rich,

It works, thank you for your suggestions! I am just wondering is there any other options, for example eliminate the WARNING message while building the openssl libraries and executables?

Thank you very much!
Bob


-----Original Message-----
From: openssl-users [mailto:openssl-users-***@openssl.org] On Behalf Of Salz, Rich
Sent: Thursday, February 04, 2016 10:41 AM
To: openssl-***@openssl.org
Subject: Re: [openssl-users] WARNING message "can't open config file” when running openssl command
$ openssl x509 -in cert.pem -noout -text $ WARNING: can't open config
file: /usr/local/ssl/openssl.cnf
How can I eliminate this WARNING message even though the “/usr/local/ssl/openssl.cnf” file does not exist?
Among other options, "OPENSSL_CONF=/dev/null ; export OPENSSL_CONF"
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Salz, Rich
2016-02-04 18:57:08 UTC
Permalink
Post by Yan, Bob
It works, thank you for your suggestions! I am just wondering is there any
other options, for example eliminate the WARNING message while building
the openssl libraries and executables?
You could modify the source (e_os2.h, somewhere in that #ifdef maze sorry) to set the default ot be /dev/null
Yan, Bob
2016-02-04 19:15:55 UTC
Permalink
Thanks again, Rich!

-----Original Message-----
From: openssl-users [mailto:openssl-users-***@openssl.org] On Behalf Of Salz, Rich
Sent: Thursday, February 04, 2016 10:57 AM
To: openssl-***@openssl.org
Subject: Re: [openssl-users] WARNING message "can't open config file” when running openssl command
Post by Yan, Bob
It works, thank you for your suggestions! I am just wondering is there
any other options, for example eliminate the WARNING message while
building the openssl libraries and executables?
You could modify the source (e_os2.h, somewhere in that #ifdef maze sorry) to set the default ot be /dev/null _______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Viktor Dukhovni
2016-02-04 19:16:02 UTC
Permalink
Post by Salz, Rich
Post by Yan, Bob
It works, thank you for your suggestions! I am just wondering is there any
other options, for example eliminate the WARNING message while building
the openssl libraries and executables?
You could modify the source (e_os2.h, somewhere in that #ifdef maze sorry) to set the default ot be /dev/null
The OP should try 1.1.0-dev (master built from source) and see
whether it behaves differently. What I see is that most of the
commands that don't explicitly need configuration data quietly
ignore a missing default configuration file.

In master (1.1.0-dev), only commands like "openssl req" that want
various subject DN prompts, ... complain when there's no configuration
file. And "req" has a "-config" argument that makes that go away.

So in 1.0.2: I get

$ OpenSSL_1_0_2/bin/openssl version
WARNING: can't open config file: .../OpenSSL_1_0_2/ssl/openssl.cnf
OpenSSL 1.0.2g-dev xx XXX xxxx

But master (1.1.0-dev) is silent:

$ mv OpenSSL_master/ssl/openssl.cnf{,.hide}
$ OpenSSL_master/bin/openssl version
OpenSSL 1.1.0-pre3-dev xx XXX xxxx
$ mv OpenSSL_master/ssl/openssl.cnf{.hide,}

So the issue is addressed in 1.1.0. Since the warnings have been
with us since at least the initial 1.0.2 release, and are not new
with 1.0.2f, they're likely to stay for now.
--
Viktor.
Dr. Stephen Henson
2016-02-04 23:40:23 UTC
Permalink
Post by Yan, Bob
Hi Rich,
It works, thank you for your suggestions! I am just wondering is there any other options, for example eliminate the WARNING message while building the openssl libraries and executables?
Another option is to set an appropriate install location (the default is a
Unixy path which doesn't make much sense on Windows) and install openssl.cnf
in there.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Yan, Bob
2016-02-04 23:56:11 UTC
Permalink
Thanks, Steve!

-----Original Message-----
From: openssl-users [mailto:openssl-users-***@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Thursday, February 04, 2016 3:40 PM
To: openssl-***@openssl.org
Subject: Re: [openssl-users] WARNING message "can't open config file??? when running openssl command
Post by Yan, Bob
Hi Rich,
It works, thank you for your suggestions! I am just wondering is there any other options, for example eliminate the WARNING message while building the openssl libraries and executables?
Another option is to set an appropriate install location (the default is a Unixy path which doesn't make much sense on Windows) and install openssl.cnf in there.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org _______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Loading...