Allow openssl version to function in the absence of a config file

the openssl application attempts to load a config file on startup
always, calling x509_get_default_cert_area() to locate the file.  On
Windows builds with -DOSSL_WINCTX set, this fails if the corresponding
registry keys are unset. allow openssl to continue to function properly
for applets that don't actually require a configuration file.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)

diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
index fc194ebcbbfece47a709b61b6871c36af5f0b0a8..a65229fb01017f40547285cc79fe8ed60de64930 100644 (file)
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -54,7 +54,6 @@ jobs:
     - name: Gather openssl version info
       working-directory: _build
       run: |
-        $Env:OPENSSL_CONF="apps\openssl.cnf"
         apps/openssl.exe version -v
         apps/openssl.exe version -v | %{($_ -split '\s+')[1]} 
         apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'} 

diff --git a/.github/workflows/windows_comp.yml b/.github/workflows/windows_comp.yml
index 36f4caf084ad8498a3515ca843e68f6da0035679..e7f8922ccfb139e8bebdd0448cc5ea5dd0976215 100644 (file)
--- a/.github/workflows/windows_comp.yml
+++ b/.github/workflows/windows_comp.yml
@@ -36,7 +36,6 @@ jobs:
     - name: Gather openssl version info
       working-directory: _build
       run: |
-        $Env:OPENSSL_CONF="apps\openssl.cnf"
         apps/openssl.exe version -v
         apps/openssl.exe version -v | %{($_ -split '\s+')[1]}
         apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'} 

diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index 5e0681e6db3157a7e6ae8b6119b71ca544a76b21..9d49a5f69d109ad4420dfde16b15bfdd46031b2f 100644 (file)
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -692,8 +692,18 @@ char *CONF_get1_default_config_file(void)
         return OPENSSL_strdup(file);
 
     t = X509_get_default_cert_area();
+    /*
+     * On windows systems with -DOSSL_WINCTX set, if the needed registry
+     * keys are not yet set, openssl applets will return, due to an inability
+     * to locate various directories, like the default cert area.  In that
+     * event, clone an empty string here, so that commands like openssl version
+     * continue to operate properly without needing to set OPENSSL_CONF.
+     * Applets like cms will fail gracefully later when they try to parse an
+     * empty config file
+     */
     if (t == NULL)
-        return NULL;
+        return OPENSSL_strdup("");
+
 #ifndef OPENSSL_SYS_VMS
     sep = "/";
 #endif