|
@@ -2,12 +2,16 @@
|
|
|
|
|
|
=head1 NAME
|
|
|
|
|
|
-CONF_modules_load_file, CONF_modules_load - OpenSSL configuration functions
|
|
|
+CONF_modules_load_file_with_libctx, CONF_modules_load_file, CONF_modules_load
|
|
|
+- OpenSSL configuration functions
|
|
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
|
|
#include <openssl/conf.h>
|
|
|
|
|
|
+ int CONF_modules_load_file_with_libctx(OPENSSL_CTX *libctx,
|
|
|
+ const char *filename,
|
|
|
+ const char *appname, unsigned long flags);
|
|
|
int CONF_modules_load_file(const char *filename, const char *appname,
|
|
|
unsigned long flags);
|
|
|
int CONF_modules_load(const CONF *cnf, const char *appname,
|
|
@@ -15,12 +19,16 @@ CONF_modules_load_file, CONF_modules_load - OpenSSL configuration functions
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
|
-The function CONF_modules_load_file() configures OpenSSL using file
|
|
|
-B<filename> and application name B<appname>. If B<filename> is NULL
|
|
|
-the standard OpenSSL configuration file is used. If B<appname> is
|
|
|
-NULL the standard OpenSSL application name B<openssl_conf> is used.
|
|
|
+The function CONF_modules_load_file_with_libctx() configures OpenSSL using
|
|
|
+library context B<libctx> file B<filename> and application name B<appname>.
|
|
|
+If B<filename> is NULL the standard OpenSSL configuration file is used.
|
|
|
+If B<appname> is NULL the standard OpenSSL application name B<openssl_conf> is
|
|
|
+used.
|
|
|
The behaviour can be customized using B<flags>.
|
|
|
|
|
|
+CONF_modules_load_file() is the same as CONF_modules_load_file_with_libctx() but
|
|
|
+has a NULL library context.
|
|
|
+
|
|
|
CONF_modules_load() is identical to CONF_modules_load_file() except it
|
|
|
reads configuration information from B<cnf>.
|
|
|
|
|
@@ -40,8 +48,8 @@ returns success.
|
|
|
This is used by default in L<OPENSSL_init_crypto(3)> to ignore any errors in
|
|
|
the default system-wide configuration file, as having all OpenSSL applications
|
|
|
fail to start when there are potentially minor issues in the file is too risky.
|
|
|
-Applications calling B<CONF_modules_load_file> explicitly should not generally
|
|
|
-set this flag.
|
|
|
+Applications calling B<CONF_modules_load_file_with_libctx> explicitly should not
|
|
|
+generally set this flag.
|
|
|
|
|
|
If B<CONF_MFLAGS_NO_DSO> is set configuration module loading from DSOs is
|
|
|
disabled.
|
|
@@ -53,10 +61,10 @@ return an error.
|
|
|
B<CONF_MFLAGS_DEFAULT_SECTION> if set and B<appname> is not NULL will use the
|
|
|
default section pointed to by B<openssl_conf> if B<appname> does not exist.
|
|
|
|
|
|
-By using CONF_modules_load_file() with appropriate flags an application can
|
|
|
-customise application configuration to best suit its needs. In some cases the
|
|
|
-use of a configuration file is optional and its absence is not an error: in
|
|
|
-this case B<CONF_MFLAGS_IGNORE_MISSING_FILE> would be set.
|
|
|
+By using CONF_modules_load_file_with_libctx() with appropriate flags an
|
|
|
+application can customise application configuration to best suit its needs.
|
|
|
+In some cases the use of a configuration file is optional and its absence is not
|
|
|
+an error: in this case B<CONF_MFLAGS_IGNORE_MISSING_FILE> would be set.
|
|
|
|
|
|
Errors during configuration may also be handled differently by different
|
|
|
applications. For example in some cases an error may simply print out a warning
|
|
@@ -78,7 +86,7 @@ return value of the failing module (this will always be zero or negative).
|
|
|
Load a configuration file and print out any errors and exit (missing file
|
|
|
considered fatal):
|
|
|
|
|
|
- if (CONF_modules_load_file(NULL, NULL, 0) <= 0) {
|
|
|
+ if (CONF_modules_load_file_with_libctx(libctx, NULL, NULL, 0) <= 0) {
|
|
|
fprintf(stderr, "FATAL: error loading configuration file\n");
|
|
|
ERR_print_errors_fp(stderr);
|
|
|
exit(1);
|
|
@@ -87,8 +95,8 @@ considered fatal):
|
|
|
Load default configuration file using the section indicated by "myapp",
|
|
|
tolerate missing files, but exit on other errors:
|
|
|
|
|
|
- if (CONF_modules_load_file(NULL, "myapp",
|
|
|
- CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
|
|
|
+ if (CONF_modules_load_file_with_libctx(NULL, NULL, "myapp",
|
|
|
+ CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
|
|
|
fprintf(stderr, "FATAL: error loading configuration file\n");
|
|
|
ERR_print_errors_fp(stderr);
|
|
|
exit(1);
|
|
@@ -97,8 +105,8 @@ tolerate missing files, but exit on other errors:
|
|
|
Load custom configuration file and section, only print warnings on error,
|
|
|
missing configuration file ignored:
|
|
|
|
|
|
- if (CONF_modules_load_file("/something/app.cnf", "myapp",
|
|
|
- CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
|
|
|
+ if (CONF_modules_load_file_with_libctx(NULL, "/something/app.cnf", "myapp",
|
|
|
+ CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
|
|
|
fprintf(stderr, "WARNING: error loading configuration file\n");
|
|
|
ERR_print_errors_fp(stderr);
|
|
|
}
|
|
@@ -114,7 +122,7 @@ Load and parse configuration file manually, custom error handling:
|
|
|
fprintf(stderr, "Error opening configuration file\n");
|
|
|
/* Other missing configuration file behaviour */
|
|
|
} else {
|
|
|
- cnf = NCONF_new(NULL);
|
|
|
+ cnf = NCONF_new_with_libctx(libctx, NULL);
|
|
|
if (NCONF_load_fp(cnf, fp, &eline) == 0) {
|
|
|
fprintf(stderr, "Error on line %ld of configuration file\n", eline);
|
|
|
ERR_print_errors_fp(stderr);
|
|
@@ -130,11 +138,13 @@ Load and parse configuration file manually, custom error handling:
|
|
|
|
|
|
=head1 SEE ALSO
|
|
|
|
|
|
-L<config(5)>, L<OPENSSL_config(3)>
|
|
|
+L<config(5)>,
|
|
|
+L<OPENSSL_config(3)>,
|
|
|
+L<NCONF_new_with_libctx(3)>
|
|
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
|
|
-Copyright 2004-2017 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
+Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
|
this file except in compliance with the License. You can obtain a copy
|