RE: openssl error: 0.9.8e ca config
> From: owner-openssl-users@... On Behalf Of Pushkar Pathak
> Sent: Tuesday, 10 May, 2011 13:57
> I am using openssl on win xp 32. When I try to sign a request,
> openssl throws an error to the effect
> c:\>openssl ca -config openssl.cfg -policy policy_anything
> -out "test.crt" -key p -batch -infiles test.csr
> Using configuration from openssl.cfg
> 0 entries loaded from the database
> generating index
> default is an unsupported message digest type
> 5748:error:0E06D06C:configuration file routines:NCONF_get_string:
> no value:conf_lib.c:329:group= name=unique_subject
> I copied the openssl.cfg from the openssl installation directory
> and modified just one line - path of the ca which originally was
> "./demoCA" to "."
Aside: Putting data files like these in c:\ is usually a poor idea.
Howsomever, that's not an openssl problem as such.
How and from where was the installation on your machine done?
It kinda looks like the ShiningLight packaging (see below);
if not, did you build from source, or who did?
Configure, and how? Customize the config?
0.9.8e distro apps/openssl.cnf has default_md=sha1 which is valid
(so do all other 0.9.8* I have on hand to check, which is most).
It also has unique_subject commented out, but that should be okay
because the code has a default, and tries to clear the error info,
which seems nevertheless to be "left over" when the later
"unsupported digest" goes to err: and does ERR_print_errors(),
thus giving you a confusing error display.
ShiningLight (at least?) renames this to openssl.cfg, presumably
because .cnf is treated specially and unhelpfully by Explorer,
but does not apparently make any other changes in the
1.0.0 distros add code to handle 'default' and change openssl.cnf
to use it. Did you maybe install 1.0.0* and then regress to 0.9.8*?
Install 1.0.0* on some machine(s) and not other(s)? Sometime in the past
get a copy of openssl.cnf|cfg from some other source, like a website?
> Openssl version
> OpenSSL 0.9.8e 23 Feb 2007
StdCaveat: 0.9.8e is way old, and there have been several security fixes
since then. SL is currently up to date with 0.9.8r (and 1.0.0d).
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@...
Automated List Manager majordomo@...