Comment # 9 on bug 1194187 from
Thanks again. In playing around, it seems there is some sort of issue with the
addition of these two lines:
openssl_conf = openssl_init

[openssl_init]

When I added those, I was following the documentation at
https://www.openssl.org/docs/man1.1.1/man5/config.html

If I remove them or comment them out, the CSR file gets created, but the
engines definitions don't get created, even though the include files are read.
It's as though these two lines are being totally ignored without the section
header:
oid_section = new_oids
engines = engine_section

Which seems odd, since the documentation says:
The first section of a configuration file is special and is referred to as the
default section. This section is usually unnamed and spans from the start of
file until the first named section. 

Without those two lines, the oid_section and engines lines should be considered
as being in the default section.

This is starting to look more like an openssl bug to me, rather than the
changes I made being somehow wrong. Just what that means for Marcus adding the
[SAN] section for his needs is really not clear. It seems as though his
particular command only requires the "[ req_distinguished_name ]" section from
openssl.cnf. But, none of those values are customized by us, so it's all very
generic.

I don't know enough about openssl to be sure, but this kind of looks like this
is relevant:
https://github.com/openssl/openssl/issues/4598#issuecomment-341321065

Pedro, if you could take a look at this, I would appreciate it.

