'Can we stop an application integrated with OpenSSL from using openssl.conf/.cnf file using compile time option?

An application integrated with OpenSSL should not read openssl.cnf file. This is a security risk.

Have came across OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL); but cannot use it since the application has CURL too which internally initializes OpenSSL.

Thus, only CURL is initialized but both OpenSSL and CURL are used simultaneously.

I did check out the Configure file of OpenSSL to look for compile time switch but did not find any.

openssllibcurl


Solution 1:[1]

no-autoload-config option can be used during compilation

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 dpb

Related Questions

Solving sslv3 alert handshake failure when trying to use a client certificate

make fails to build squid with openssl (deprecated functions used)

Create PKCS#1 formatted RSA key using OpenSSL v3.0.0

Mongodb SSL - unable to get issuer certificate

Convert p12 APNS certificate to base64 string

SSL Error Certificate subject name does not match target host for github.com

How to get configuration.h from configuration.h.in in OpenSSL?

Error opening CA private key when Create the intermediate pair

Create compatible Java "RSA" signature using a PKCS#8 encoded private key

How do I use a X509 certificate with PyCrypto?

gem eventmachine fatal error: 'openssl/ssl.h' file not found

SSL error unsafe legacy renegotiation disabled

PHP Startup: Unable to load dynamic library 'openssl' in Ubuntu

builder error: 'openssl/rand.h' not found [Windows 10]

Building Python 3.7.1 - SSL module failed