php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #60157 OPENSSL_CONF environment variable ignored
Submitted: 2011-10-28 11:48 UTC Modified: 2020-10-19 13:27 UTC
Votes:29
Avg. Score:4.2 ± 0.8
Reproduced:26 of 26 (100.0%)
Same Version:4 (15.4%)
Same OS:10 (38.5%)
From: zeusgerde at arcor dot de Assigned: cmb (profile)
Status: Closed Package: OpenSSL related
PHP Version: 5.3.8 OS: Windows XP and Windows 7
Private report: No CVE-ID: None
View Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
41 + 17 = ?
Subscribe to this entry?

 
 [2011-10-28 11:48 UTC] zeusgerde at arcor dot de 
Description:
------------
setting OPENSSL_CONF is ignored in openssl* functions despite the documentation 
lists it as the first location where the configuration file is searched

http://de2.php.net/manual/en/openssl.installation.php


Test script:
---------------
<?php

header('Content-Type: text/plain');

echo "Current PHP version: ", phpversion(), "\n";

echo "*** OPENSSL_CONF\n";
var_dump(getenv('OPENSSL_CONF'));

echo "\n*** Errors before calling openssl_pkey_new\n";
while (($e = openssl_error_string()) !== false) {
	var_dump($e);
}

echo "\n*** Calling openssl_pkey_new\n";

var_dump(openssl_pkey_new());

echo "\n*** Errors after calling openssl_pkey_new\n";
while (($e = openssl_error_string()) !== false) {
	var_dump($e);
}


Expected result:
----------------
Current PHP version: 5.3.8
*** OPENSSL_CONF
string(42) "D:\sandbox\openssl.cnf"

*** Errors before calling openssl_pkey_new

*** Calling openssl_pkey_new
resource(2) of type (OpenSSL key)

*** Errors after calling openssl_pkey_new


Actual result:
--------------
Current PHP version: 5.3.8
*** OPENSSL_CONF
string(42) "D:\sandbox\openssl.cnf"

*** Errors before calling openssl_pkey_new

*** Calling openssl_pkey_new
bool(false)

*** Errors after calling openssl_pkey_new
string(51) "error:02001003:system library:fopen:No such process"
string(53) "error:2006D080:BIO routines:BIO_new_file:no such file"
string(63) "error:0E064002:configuration file routines:CONF_load:system lib"
string(51) "error:02001003:system library:fopen:No such process"
string(53) "error:2006D080:BIO routines:BIO_new_file:no such file"
string(63) "error:0E064002:configuration file routines:CONF_load:system lib"

Patches

call_OPENSSL_config (last revision 2017-09-21 09:28 UTC by VadimZelenin at gmail dot com)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-10-28 11:50 UTC] zeusgerde at arcor dot de 
BTW, this is the work-around

var_dump(openssl_pkey_new(array(
	'config' => getenv('OPENSSL_CONF'),
)));
 [2011-10-28 12:45 UTC] pajoye@php.net
-Status: Open +Status: Feedback
 [2011-10-28 12:45 UTC] pajoye@php.net 
Where do you set it? System wild? manually in your script?

try:

putenv("OPENSSL_CONF=whereyouwanit");
.. rest of your code..

Only to verify a possible cause.
 [2011-10-31 07:51 UTC] zeusgerde at arcor dot de
-Status: Feedback +Status: Open
 [2011-10-31 07:51 UTC] zeusgerde at arcor dot de 
> Where do you set it? System wild? manually in your script?

In httpd.conf in a global scope:
| SetEnv OPENSSL_CONF D:\sandbox\openssl.cnf

You can see that it is set in the actual result:
| var_dump(getenv('OPENSSL_CONF'));
| // string(42) "D:\sandbox\openssl.cnf"

(hint: don't look at the string length, I scrambled the path in this bug report)

> putenv("OPENSSL_CONF=whereyouwanit");

No change in the actual result. Even if I do this:

| putenv("OPENSSL_CONF=", getenv('OPENSSL_CONF'));

It only works if I use the $configargs parameter directly (see my first comment 
at 2011-10-28 11:48 UTC)
 [2012-01-03 21:25 UTC] dfroe at gmx dot de 
I am able to reproduce this bug under FreeBSD, too. So it does not seem to be a Windows specific issue. I am using PHP 5.3.8 compiled via the latest FreeBSD ports tree. The putenv() hint does not work, either. Passing the config value within the config array directly to the openssl function works - but can of course only be a quick and dirty workaround.
 [2013-03-22 19:15 UTC] eugene at zhegan dot in 
Still reproducible on 5.3.23.
 [2014-02-12 22:07 UTC] marco at m-s-d dot eu 
Confirming still present in php5.6-201402121030 with OpenSSL 1.0.7f, OS w7 x64.
 [2014-05-27 11:26 UTC] pet at biba dot uni-bremen dot de 
Under windows with f-cgi only the path "C:\usr\local\ssl" is searched for the cnf. Apache, PHP, SSL are in PATH and OPENSSL_CONF is set too.
 [2014-11-05 13:24 UTC] cerbrst86 at yahoo dot de 
####Actual result (Zend Server 7):####

Current PHP version: 5.5.13
*** OPENSSL_CONF
string(35) "/usr/local/zend/etc/ssl/openssl.cnf"

*** Errors before calling openssl_pkey_new

*** Calling openssl_pkey_new
bool(false)

*** Errors after calling openssl_pkey_new
string(61) "error:02001002:system library:fopen:No such file or directory"
string(53) "error:2006D080:BIO routines:BIO_new_file:no such file"
string(63) "error:0E064002:configuration file routines:CONF_load:system lib"
string(61) "error:02001002:system library:fopen:No such file or directory"
string(53) "error:2006D080:BIO routines:BIO_new_file:no such file"
string(63) "error:0E064002:configuration file routines:CONF_load:system lib"

####Actual Result (Zend Server 7 php-cli):####

Current PHP version: 5.5.13
*** OPENSSL_CONF
string(35) "/usr/local/zend/etc/ssl/openssl.cnf"

*** Errors before calling openssl_pkey_new

*** Calling openssl_pkey_new
resource(4) of type (OpenSSL key)

*** Errors after calling openssl_pkey_new
string(68) "error:0E06D06C:configuration file routines:NCONF_get_string:no value"
string(68) "error:0E06D06C:configuration file routines:NCONF_get_string:no value"
string(68) "error:0E06D06C:configuration file routines:NCONF_get_string:no value"
string(68) "error:0E06D06C:configuration file routines:NCONF_get_string:no value"
string(68) "error:0E06D06C:configuration file routines:NCONF_get_string:no value"
string(68) "error:0E06D06C:configuration file routines:NCONF_get_string:no value"
 [2016-06-08 14:38 UTC] it-solutions at schultz dot ch 
I wonder if this issue will be addressed at all...

Current PHP version: 7.0.7
*** OPENSSL_CONF
string(32) "C:\Webserver\OpenSSL\openssl.cfg"

*** Errors before calling openssl_pkey_new

*** Calling openssl_pkey_new
bool(false)

*** Errors after calling openssl_pkey_new
string(51) "error:02001003:system library:fopen:No such process"
string(53) "error:2006D080:BIO routines:BIO_new_file:no such file"
string(63) "error:0E064002:configuration file routines:CONF_load:system lib"
string(51) "error:02001003:system library:fopen:No such process"
string(53) "error:2006D080:BIO routines:BIO_new_file:no such file"
string(63) "error:0E064002:configuration file routines:CONF_load:system lib"
 [2020-10-19 13:27 UTC] cmb@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2020-10-19 13:27 UTC] cmb@php.net 
This issue is fixed as of PHP 7.2.0[1].

[1] <http://git.php.net/?p=php-src.git;a=commit;h=1f843a8fb50de77a3f53a6b892a46d9e0afdfdd7>
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Oct 25 05:00:02 2025 UTC