Subject: security/9741: openssl configuration path unclear
To: None <netbsd-bugs@netbsd.org>
From: John Darrow <John.P.Darrow@wheaton.edu>
List: netbsd-bugs
Date: 04/05/2000 14:58:20
Date: Sat, 1 Apr 2000 00:20:54 +0200 (CEST)
From: Klaus Klein <kleink@serpens.de>
Sender: kleink@uni-trier.de
Reply-To: kleink@serpens.de
To: gnats-bugs@gnats.netbsd.org
Subject: openssl configuration path unclear
>Number: 9741
>Category: security
>Synopsis: openssl configuration path unclear
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: security-officer
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Mar 31 14:24:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator: Klaus Klein
>Release: 2000-03-31
>Organization:
Frobozz Magic Standards Company
>Environment:
n/a
>Description:
OpenSSL (at least in cryptosrc-intl) is built to use the path
/usr/local/ssl for its configuration files, raising two issues:
* NetBSD.dist defines an /etc/openssl tree, which makes this
  ambiguous (to say the least).
* The /usr/local hierarchy shall not be considered in any way
  by base distribution software.
>How-To-Repeat:
$ /usr/bin/openssl req < /dev/null
Using configuration from /usr/local/ssl/openssl.cnf
[...]
>Fix:
Index: Makefile.openssl
===================================================================
RCS file: /cvsroot/cryptosrc-intl/crypto-intl/Makefile.openssl,v
retrieving revision 1.1
diff -u -r1.1 Makefile.openssl
--- Makefile.openssl 1999/07/23 01:32:57 1.1
+++ Makefile.openssl 2000/03/31 22:15:27
@@ -6,6 +6,7 @@
.include <bsd.own.mk>
OPENSSLSRC= ${CRYPTODIST}/openssl
+CPPFLAGS+= -DOPENSSLDIR=\"/etc/openssl\"
.if !PATENTEDOPENSSLSRC
CPPFLAGS+= -DNO_IDEA -DNO_RC5 -DNO_RSA
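Review bot: The added CPPFLAGS line hard-codes "/etc/openssl" as a string literal with no comment tying it to the /etc/openssl tree that NetBSD.dist defines, so the two can drift apart without anyone noticing. Consider setting the path once in a make variable next to OPENSSLSRC, with a one-line comment naming NetBSD.dist, and passing that variable to -DOPENSSLDIR. The define sits above the .if !PATENTEDOPENSSLSRC block, so it applies to both build variants; that looks intended and is worth stating in the commit message. After rebuilding, the How-To-Repeat command should report /etc/openssl/openssl.cnf rather than /usr/local/ssl/openssl.cnf.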
>Release-Note:
>Audit-Trail:
>Unformatted: