Pushkar Pathak | 10 May 19:56 2011
Picon

openssl error

Hi,


I am using openssl on win xp 32. When I try to sign a request, openssl throws an error to the effect


c:\>openssl ca -config openssl.cfg -policy policy_anything -out "test.crt" -key p  -batch -infiles test.csr
Using configuration from openssl.cfg
0 entries loaded from the database
generating index
default is an unsupported message digest type
5748:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group= name=unique_subject

I copied the openssl.cfg from the openssl installation directory and modified just one line - path of the ca which originally was "./demoCA" to "."


Openssl version 
OpenSSL 0.9.8e 23 Feb 2007


thanks.


Dave Thompson | 10 May 23:05 2011

RE: openssl error: 0.9.8e ca config

>	From: owner-openssl-users@... On Behalf Of Pushkar Pathak
>	Sent: Tuesday, 10 May, 2011 13:57

>	I am using openssl on win xp 32. When I try to sign a request, 
> openssl throws an error to the effect

>	c:\>openssl ca -config openssl.cfg -policy policy_anything 
> -out "test.crt" -key p  -batch -infiles test.csr
>	Using configuration from openssl.cfg
>	0 entries loaded from the database
>	generating index
>	default is an unsupported message digest type
>	5748:error:0E06D06C:configuration file routines:NCONF_get_string:
> no value:conf_lib.c:329:group= name=unique_subject

>	I copied the openssl.cfg from the openssl installation directory 
> and modified just one line - path of the ca which originally was 
> "./demoCA" to "."

Aside: Putting data files like these in c:\ is usually a poor idea.
Howsomever, that's not an openssl problem as such.

How and from where was the installation on your machine done? 
It kinda looks like the ShiningLight packaging (see below);
if not, did you build from source, or who did?
Configure, and how? Customize the config? 

0.9.8e distro apps/openssl.cnf has default_md=sha1 which is valid 
(so do all other 0.9.8* I have on hand to check, which is most).
It also has unique_subject commented out, but that should be okay 
because the code has a default, and tries to clear the error info, 
which seems nevertheless to be "left over" when the later 
"unsupported digest" goes to err: and does ERR_print_errors(), 
thus giving you a confusing error display.

ShiningLight (at least?) renames this to openssl.cfg, presumably 
because .cnf is treated specially and unhelpfully by Explorer, 
but does not apparently make any other changes in the 

1.0.0 distros add code to handle 'default' and change openssl.cnf 
to use it. Did you maybe install 1.0.0* and then regress to 0.9.8*? 
Install 1.0.0* on some machine(s) and not other(s)? Sometime in the past 
get a copy of openssl.cnf|cfg from some other source, like a website?

>	Openssl version 
>	OpenSSL 0.9.8e 23 Feb 2007

StdCaveat: 0.9.8e is way old, and there have been several security fixes 
since then. SL is currently up to date with 0.9.8r (and 1.0.0d).

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@...
Automated List Manager                           majordomo@...

eurospoofer | 23 Oct 19:27 2013
Picon

Re: openssl error

I was getting the same error.  Changed a setting in the openssl.cnf that
fixed it:

Locate the line:
default_md	= default

Change it to:

default_md	= md5

--
View this message in context: http://openssl.6102.n7.nabble.com/openssl-error-tp1994p47008.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@...
Automated List Manager                           majordomo@...

Aleks | 23 Oct 21:06 2013
Picon

Re: openssl error

tks for the response, but didn't worked, same error.


2013/10/23 eurospoofer <eurospoofer-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
I was getting the same error.  Changed a setting in the openssl.cnf that
fixed it:

Locate the line:
default_md      = default

Change it to:

default_md      = md5





--
View this message in context: http://openssl.6102.n7.nabble.com/openssl-error-tp1994p47008.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users-MCmKBN63+BlAfugRpC6u6w@public.gmane.org
Automated List Manager                           majordomo-MCmKBN63+BlAfugRpC6u6w@public.gmane.org


Gmane