Bug 1694850

Summary: Configuration file openssl.conf not compatible
Product: [Fedora] Fedora Reporter: nicofo <nicofo>
Component: opensslAssignee: Tomas Mraz <tmraz>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 29CC: jorton, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-04-02 08:46:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description nicofo 2019-04-01 20:36:44 UTC 
Description of problem:
When launching digikam appimage (compiled with OpenSSL 1.0.0), I have the following crash:

40463680456896:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:187:filename(libssl_conf.so): libssl_conf.so: cannot open shared object file: No such file or directory
140463680456896:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244:
140463680456896:error:0E07506E:configuration file routines:MODULE_LOAD_DSO:error loading dso:conf_mod.c:285:module=ssl_conf, path=ssl_conf
140463680456896:error:0E076071:configuration file routines:MODULE_RUN:unknown module name:conf_mod.c:222:module=ssl_conf

If I "export OPENSSL_CONF=<random string>" to NOT use the config file /etc/pki/tls/openssl.cnf --> no more crash
The config file openssl.cnf seems therefore incompatible with openssl1.0.0,
despite the fact compat-openssl is well installed.


Version-Release number of selected component (if applicable):
- openssl-1.1.1b-3.fc29.x86_64
- compat-openssl10-1.0.2o-3.fc29.x86_64

Additional info:
- ssl_conf directive in openssl.cnf seems the culprit (I have commented that line and no more crash). Like in: https://github.com/dotnet/corefx/issues/33179
- same problem on Debian, with explanations: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918727
- see related bug on digikam bugzilla (https://bugs.kde.org/show_bug.cgi?id=401377)
- is there a link with my previous crash ? (see bug #1668916)
Comment 1 Tomas Mraz 2019-04-02 08:46:51 UTC 
You need to use "supported" openssl library or use the OPENSSL_CONF=/etc/pki/openssl10.cnf workaround (with installed compat-openssl10 package).