There was a OPENSSL_CONF environment variable that pointed to a openssl.cfg which was apparently wrong. I changed the name of the variable to BAD_OPENSSL_CONF, opened a new DOS-prompt and the error was gone. Before changing that, I could not do anything with curl.

This issue is a real tricky one. The openssl.cfg was put there by OpenVPN, but OpenVPN has not been running for ages. I guess a lot of people have left-overs of previously used programs, not only on Windows but also on Linux.

If OpenSLL does not ignore those errors silently, many people will have broken systems without knowing where to look. In my case Apache would not restart because the PHP for mod_php was broken. Luckily I have a setup, where I can instantly switch to a working PHP version (/php55nts.x86 in stead of /php55nts.x32), so I could get Apache up'n'running again within seconds.

Thanks for the help!

        Microsoft Windows [Version 6.1.7601]
        Copyright (c) 2009 Microsoft Corporation. All rights reserved.
        
        C:\Users\Administrator>cd \phpdev\php55bad.x32
        
        C:\phpdev\php55bad.x32>set | find "openssl"
        BAD_OPENSSL_CONF=C:\Program Files (x86)\OpenVPN\bin\OpenSSL-Win64\bin\openssl.cfg
        
        C:\phpdev\php55bad.x32>curl https://sourceforge.net/
        curl: (60) SSL certificate problem: unable to get local issuer certificate
        More details here: http://curl.haxx.se/docs/sslcerts.html
        
        curl performs SSL certificate verification by default, using a "bundle"
         of Certificate Authority (CA) public keys (CA certs). If the default
         bundle file isn't adequate, you can specify an alternate file
         using the --cacert option.
        If this HTTPS server uses a certificate signed by a CA represented in
         the bundle, the certificate verification probably failed due to a
         problem with the certificate (it might be expired, or the name might
         not match the domain name in the URL).
        If you'd like to turn off curl's verification of the certificate, use
         the -k (or --insecure) option.
        
        C:\phpdev\php55bad.x32>php -v
        PHP 5.5.15 (cli) (built: Jul 23 2014 15:03:28)
        Copyright (c) 1997-2014 The PHP Group
        Zend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies
        

---
** [bugs:#1401] STR_COPY:variable has no value**
**Status:** open
**Labels:** openssl VC9 VC11 Windows 2008 
**Created:** Sun Jul 27, 2014 06:54 AM UTC by Jan-E
**Last Updated:** Sun Jul 27, 2014 09:40 PM UTC
**Owner:** Daniel Stenberg
I got this error after upgrading to libcurl 7.37.1 and compiling php_curl.dll with it on Windows
	C:\phpdev\php55nts.x32>php -v
	Auto configuration failed
	7140:error:0E065068:configuration file routines:STR_COPY:variable has no value:.
	\crypto\conf\conf_def.c:618:line 37
To analyze what went wrong, I went back to libcurl 7.37.0 and applied the openssl patches since that release:
7.37.0 unpatched: OK
7.37.0 with the 'Fix uninitialized variable use in NPN callback': still OK
7.37.0 with the additional 'call OPENSSL_config for initing engines' patch: error
So this commit broke it on my server:
https://github.com/bagder/curl/commit/c50ce859187cabecee5470a95a51c35bf73d3c47
OS: Windows 2008 R2
OpenSSL 1.0.1h
PHP-versions: 5.3-29-dev, 5.4.31, 5.5.15
So it happened both with PHP compiled with VC9 (5.3, 5.4) as with PHP compiled with VC11 (5.5).
Other point that is relevant: it only happened on the production server. I could not reproduce it on the developmet server, which runs Windows 2008 R2 as well. And also on my laptop with Windows 7 it did not happen.
Furthermore: it went wrong with every php-extension that used libcurl (php_http.dll for instance).
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.