Comment 7 for bug 998918

I spent a little time debugging this. I don't think it is a matter of a missing config file.

When you 'source vars', one of the things that happens is this:

> # This variable should point to
> # the openssl.cnf file included
> # with easy-rsa.
> export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`

If you look at whichopensslcnf, you see that the first section includes logic for determining the correct config file to used based on the OpenSSL version installed on the system.

On my system (12.04 lts), 'openssl version' produces the following output:

> # openssl version
> OpenSSL 1.0.1 14 Mar 2012

Which, presumably, should generate a match in this code in whichopensslcnf:

> elif $OPENSSL version | grep -E "1\.0\.([[:digit:]][[:alnum:]])" > /dev/null; then
> cnf="$1/openssl-1.0.0.cnf"
> else
> cnf="$1/openssl.cnf"
> fi

Instead it is falling through to the default value (tested by running the grep command on its own) , which results in the output noted by others above.

One workaround is to symlink openssl.cnf to the appropriate config file mentioned above. The solution is to fix the pattern matching...