1

I am using Windows 10 Pro x64, openssl-0.9.8k_X64

I run command

openssl version -a

I received result openssl version -a

OpenSSL 0.9.8k 25 Mar 2009
built on: Thu Jul 23 09:35:27 2009
platform: VC-WIN64A
options:  bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) idea(int) blowfish(idx)
compiler: cl  /MD /Ox /W3 /Gs0 /GF /Gy /nologo -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DOPENSSL_SYSNAME_WIN32 -DOPENSSL_SYSNAME_WINNT -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_USE_APPLINK -I. /Fdout32dll -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE
OPENSSLDIR: "c:openssl/ssl"

I focus on OPENSSLDIR: "c:openssl/ssl"

I try to set OPENSSLDIR in file openssl.cnf

#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#

# This definition stops the following lines choking if HOME isn't
# defined.
# HOME          = .
HOME            = #
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#

# This definition stops the following lines choking if HOME isn't
# defined.
# HOME          = .
HOME            = C:/Users/vy_pc/Desktop/ssl_vy/WinOpenSSL/openssl-0.9.8k_X64

RANDFILE        = $ENV::HOME/.rnd

(a part of full content) But I run command again

openssl version -a

The value of OPENSSLDIR still like the previous.

Please explain about OPENSSLDIR, how to use, how to config on Windows operating system?

Improve this question

1 Answer 1

Reset to default
2

OPENSSLDIR is a value set at compile time. It specifies the default location where it will look for the configuration or CA certificates. There is no way to change this value.
Apart from that the version of openssl you use is terrible old, unsupported, probably has bugs and does not support modern TLS versions like TLS 1.2. Don't use it.

Improve this answer
5
  • I guess I have to install openssl again. I hope the developers of openssl see fit to use an environment variable to override the certificate directory location.
    – David Spector
    Commented Jul 22, 2022 at 18:40
  • 1
    @DavidSpector: There are SSL_CERT_DIR and SSL_CERT_FILE environment variables for setting the place to look for CA certificates - but not for the configuration. The OP was specifically asking for OPENSSLDIR though which is a compile time setting. See also openssl.org/docs/man1.1.1/man3/…
    – Steffen Ullrich
    Commented Jul 22, 2022 at 18:48
  • I reinstalled openssl from Shining Light Productions (slproweb.com/products/Win32OpenSSL.html), but PHP still reports the wrong cert dirs in its openssl_get_cert_locations function. I need to try those environment variables again.
    – David Spector
    Commented Jul 23, 2022 at 22:18
  • I changed both the SSL_CERT_DIR and SSL_CERT_FILE system environment variables in Windows, then restarted my local server, then the openssl_get_cert_locations still reported the same wrong paths, just as the last time I tried this.
    – David Spector
    Commented Jul 23, 2022 at 23:15
  • @DavidSpector: PHP adds another layer on top of OpenSSL. I don't know what this layer is doing - like it might set the certificate path explicitly, ignoring the environment variables. From my understanding the proper way to setup certificate path in PHP is not through some environment variables but within php.ini - see php.net/manual/en/openssl.configuration.php
    – Steffen Ullrich
    Commented Jul 24, 2022 at 3:20

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .