cURL cURL > Mailing List > Monthly Index > Single Mail

curl-tracker Archives

[curl:bugs] #1401 OPENSSL_config causes app to exit with bad conf file

From: Jan-E <jan-e_at_users.sf.net>
Date: Wed, 06 Aug 2014 14:28:31 +0000

I still owed you an answer to your questions. As a starter: yes, it is mainly on OpenSSL issue. With that in mind, you could close the bug as 'will not fix'.

In the mean time, I checked what was wrong with the OpenSSL.cnf. Actually it was not entirely wrong, but libcurl opened it out-of-context. The OpenSSL.cnf was installed for Easy-RSA as part of OpenVPN 2.2.2. A current version of the config file can be found here:
https://github.com/OpenVPN/easy-rsa/blob/master/easyrsa3/openssl-1.0.cnf

As you can see, quite a lot of $ENV variables have to be set before this openssl.cnf can be opened wthout errors. Curl did (of course) not set those variables and OpenSSL did not silently ignore the errors. Result: PHP with the curl extension exited immediately and the Apache that used PHP as mod_php did not start as well.

OpenSSL strongly recommends "that all new applications call OPENSSL_config() or the more sophisticated functions such as CONF_modules_load() during initialization (that is before starting any threads)." In your message http://curl.haxx.se/mail/lib-2014-06/0004.html you were still looking if any "more sophisticated function" could do the job. You asked Дмитрий Фалько a question about that, got no answer and then pushed the change. A remarkable chain of events.

Anyway: close the bug if you want to. And let us hope that not many people have installed easy-rsa as their only OpenSSL client.

---
** [bugs:#1401] OPENSSL_config causes app to exit with bad conf file**
**Status:** open
**Labels:** openssl VC9 VC11 Windows 2008 
**Created:** Sun Jul 27, 2014 06:54 AM UTC by Jan-E
**Last Updated:** Wed Jul 30, 2014 02:08 PM UTC
**Owner:** Daniel Stenberg
I got this error after upgrading to libcurl 7.37.1 and compiling php_curl.dll with it on Windows

	C:\phpdev\php55nts.x32>php -v
	Auto configuration failed
	7140:error:0E065068:configuration file routines:STR_COPY:variable has no value:.
	\crypto\conf\conf_def.c:618:line 37

To analyze what went wrong, I went back to libcurl 7.37.0 and applied the openssl patches since that release:

7.37.0 unpatched: OK
7.37.0 with the 'Fix uninitialized variable use in NPN callback': still OK
7.37.0 with the additional 'call OPENSSL_config for initing engines' patch: error

So this commit broke it on my server:
https://github.com/bagder/curl/commit/c50ce859187cabecee5470a95a51c35bf73d3c47


OS: Windows 2008 R2
OpenSSL 1.0.1h
PHP-versions: 5.3-29-dev, 5.4.31, 5.5.15
So it happened both with PHP compiled with VC9 (5.3, 5.4) as with PHP compiled with VC11 (5.5).

Other point that is relevant: it only happened on the production server. I could not reproduce it on the developmet server, which runs Windows 2008 R2 as well. And also on my laptop with Windows 7 it did not happen.

Furthermore: it went wrong with every php-extension that used libcurl (php_http.dll for instance).
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.
Received on 2014-08-06

These mail archives are generated by hypermail.