1e1051a39Sopenharmony_ci=pod 2e1051a39Sopenharmony_ci 3e1051a39Sopenharmony_ci=head1 NAME 4e1051a39Sopenharmony_ci 5e1051a39Sopenharmony_ciCONF_get1_default_config_file, 6e1051a39Sopenharmony_ciCONF_modules_load_file_ex, CONF_modules_load_file, CONF_modules_load 7e1051a39Sopenharmony_ci- OpenSSL configuration functions 8e1051a39Sopenharmony_ci 9e1051a39Sopenharmony_ci=head1 SYNOPSIS 10e1051a39Sopenharmony_ci 11e1051a39Sopenharmony_ci #include <openssl/conf.h> 12e1051a39Sopenharmony_ci 13e1051a39Sopenharmony_ci char *CONF_get1_default_config_file(void); 14e1051a39Sopenharmony_ci int CONF_modules_load_file_ex(OSSL_LIB_CTX *libctx, const char *filename, 15e1051a39Sopenharmony_ci const char *appname, unsigned long flags); 16e1051a39Sopenharmony_ci int CONF_modules_load_file(const char *filename, const char *appname, 17e1051a39Sopenharmony_ci unsigned long flags); 18e1051a39Sopenharmony_ci int CONF_modules_load(const CONF *cnf, const char *appname, 19e1051a39Sopenharmony_ci unsigned long flags); 20e1051a39Sopenharmony_ci 21e1051a39Sopenharmony_ci=head1 DESCRIPTION 22e1051a39Sopenharmony_ci 23e1051a39Sopenharmony_ciThe function CONF_get1_default_config_file() determines the default 24e1051a39Sopenharmony_ciconfiguration file pathname as follows. 25e1051a39Sopenharmony_ciIf the B<OPENSSL_CONF> environment variable is set its value is returned. 26e1051a39Sopenharmony_ciElse the function returns the path obtained using 27e1051a39Sopenharmony_ciL<X509_get_default_cert_area(3)> with the filename C<"openssl.cnf"> appended. 28e1051a39Sopenharmony_ciThe caller is responsible for freeing any string returned. 29e1051a39Sopenharmony_ci 30e1051a39Sopenharmony_ciThe function CONF_modules_load_file_ex() configures OpenSSL using 31e1051a39Sopenharmony_cilibrary context B<libctx> file B<filename> and application name B<appname>. 32e1051a39Sopenharmony_ciIf B<filename> is NULL the standard OpenSSL configuration file is used 33e1051a39Sopenharmony_cias determined by calling CONF_get1_default_config_file(). 34e1051a39Sopenharmony_ciIf B<appname> is NULL the standard OpenSSL application name B<openssl_conf> is 35e1051a39Sopenharmony_ciused. 36e1051a39Sopenharmony_ciThe behaviour can be customized using B<flags>. Note that, the error suppressing 37e1051a39Sopenharmony_cican be overriden by B<config_diagnostics> as described in L<config(5)>. 38e1051a39Sopenharmony_ci 39e1051a39Sopenharmony_ciCONF_modules_load_file() is the same as CONF_modules_load_file_ex() but 40e1051a39Sopenharmony_cihas a NULL library context. 41e1051a39Sopenharmony_ci 42e1051a39Sopenharmony_ciCONF_modules_load() is identical to CONF_modules_load_file() except it 43e1051a39Sopenharmony_cireads configuration information from B<cnf>. 44e1051a39Sopenharmony_ci 45e1051a39Sopenharmony_ci=head1 NOTES 46e1051a39Sopenharmony_ci 47e1051a39Sopenharmony_ciThe following B<flags> are currently recognized: 48e1051a39Sopenharmony_ci 49e1051a39Sopenharmony_ciIf B<CONF_MFLAGS_IGNORE_ERRORS> is set errors returned by individual 50e1051a39Sopenharmony_ciconfiguration modules are ignored. If not set the first module error is 51e1051a39Sopenharmony_ciconsidered fatal and no further modules are loaded. 52e1051a39Sopenharmony_ci 53e1051a39Sopenharmony_ciNormally any modules errors will add error information to the error queue. If 54e1051a39Sopenharmony_ciB<CONF_MFLAGS_SILENT> is set no error information is added. 55e1051a39Sopenharmony_ci 56e1051a39Sopenharmony_ciIf B<CONF_MFLAGS_IGNORE_RETURN_CODES> is set the function unconditionally 57e1051a39Sopenharmony_cireturns success. 58e1051a39Sopenharmony_ciThis is used by default in L<OPENSSL_init_crypto(3)> to ignore any errors in 59e1051a39Sopenharmony_cithe default system-wide configuration file, as having all OpenSSL applications 60e1051a39Sopenharmony_cifail to start when there are potentially minor issues in the file is too risky. 61e1051a39Sopenharmony_ciApplications calling B<CONF_modules_load_file_ex> explicitly should not 62e1051a39Sopenharmony_cigenerally set this flag. 63e1051a39Sopenharmony_ci 64e1051a39Sopenharmony_ciIf B<CONF_MFLAGS_NO_DSO> is set configuration module loading from DSOs is 65e1051a39Sopenharmony_cidisabled. 66e1051a39Sopenharmony_ci 67e1051a39Sopenharmony_ciB<CONF_MFLAGS_IGNORE_MISSING_FILE> if set will make CONF_load_modules_file() 68e1051a39Sopenharmony_ciignore missing configuration files. Normally a missing configuration file 69e1051a39Sopenharmony_cireturn an error. 70e1051a39Sopenharmony_ci 71e1051a39Sopenharmony_ciB<CONF_MFLAGS_DEFAULT_SECTION> if set and B<appname> is not NULL will use the 72e1051a39Sopenharmony_cidefault section pointed to by B<openssl_conf> if B<appname> does not exist. 73e1051a39Sopenharmony_ci 74e1051a39Sopenharmony_ciBy using CONF_modules_load_file_ex() with appropriate flags an 75e1051a39Sopenharmony_ciapplication can customise application configuration to best suit its needs. 76e1051a39Sopenharmony_ciIn some cases the use of a configuration file is optional and its absence is not 77e1051a39Sopenharmony_cian error: in this case B<CONF_MFLAGS_IGNORE_MISSING_FILE> would be set. 78e1051a39Sopenharmony_ci 79e1051a39Sopenharmony_ciErrors during configuration may also be handled differently by different 80e1051a39Sopenharmony_ciapplications. For example in some cases an error may simply print out a warning 81e1051a39Sopenharmony_cimessage and the application continue. In other cases an application might 82e1051a39Sopenharmony_ciconsider a configuration file error as fatal and exit immediately. 83e1051a39Sopenharmony_ci 84e1051a39Sopenharmony_ciApplications can use the CONF_modules_load() function if they wish to load a 85e1051a39Sopenharmony_ciconfiguration file themselves and have finer control over how errors are 86e1051a39Sopenharmony_citreated. 87e1051a39Sopenharmony_ci 88e1051a39Sopenharmony_ci=head1 RETURN VALUES 89e1051a39Sopenharmony_ci 90e1051a39Sopenharmony_ciThese functions return 1 for success and a zero or negative value for 91e1051a39Sopenharmony_cifailure. If module errors are not ignored the return code will reflect the 92e1051a39Sopenharmony_cireturn value of the failing module (this will always be zero or negative). 93e1051a39Sopenharmony_ci 94e1051a39Sopenharmony_ci=head1 EXAMPLES 95e1051a39Sopenharmony_ci 96e1051a39Sopenharmony_ciLoad a configuration file and print out any errors and exit (missing file 97e1051a39Sopenharmony_ciconsidered fatal): 98e1051a39Sopenharmony_ci 99e1051a39Sopenharmony_ci if (CONF_modules_load_file_ex(libctx, NULL, NULL, 0) <= 0) { 100e1051a39Sopenharmony_ci fprintf(stderr, "FATAL: error loading configuration file\n"); 101e1051a39Sopenharmony_ci ERR_print_errors_fp(stderr); 102e1051a39Sopenharmony_ci exit(1); 103e1051a39Sopenharmony_ci } 104e1051a39Sopenharmony_ci 105e1051a39Sopenharmony_ciLoad default configuration file using the section indicated by "myapp", 106e1051a39Sopenharmony_citolerate missing files, but exit on other errors: 107e1051a39Sopenharmony_ci 108e1051a39Sopenharmony_ci if (CONF_modules_load_file_ex(NULL, NULL, "myapp", 109e1051a39Sopenharmony_ci CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { 110e1051a39Sopenharmony_ci fprintf(stderr, "FATAL: error loading configuration file\n"); 111e1051a39Sopenharmony_ci ERR_print_errors_fp(stderr); 112e1051a39Sopenharmony_ci exit(1); 113e1051a39Sopenharmony_ci } 114e1051a39Sopenharmony_ci 115e1051a39Sopenharmony_ciLoad custom configuration file and section, only print warnings on error, 116e1051a39Sopenharmony_cimissing configuration file ignored: 117e1051a39Sopenharmony_ci 118e1051a39Sopenharmony_ci if (CONF_modules_load_file_ex(NULL, "/something/app.cnf", "myapp", 119e1051a39Sopenharmony_ci CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { 120e1051a39Sopenharmony_ci fprintf(stderr, "WARNING: error loading configuration file\n"); 121e1051a39Sopenharmony_ci ERR_print_errors_fp(stderr); 122e1051a39Sopenharmony_ci } 123e1051a39Sopenharmony_ci 124e1051a39Sopenharmony_ciLoad and parse configuration file manually, custom error handling: 125e1051a39Sopenharmony_ci 126e1051a39Sopenharmony_ci FILE *fp; 127e1051a39Sopenharmony_ci CONF *cnf = NULL; 128e1051a39Sopenharmony_ci long eline; 129e1051a39Sopenharmony_ci 130e1051a39Sopenharmony_ci fp = fopen("/somepath/app.cnf", "r"); 131e1051a39Sopenharmony_ci if (fp == NULL) { 132e1051a39Sopenharmony_ci fprintf(stderr, "Error opening configuration file\n"); 133e1051a39Sopenharmony_ci /* Other missing configuration file behaviour */ 134e1051a39Sopenharmony_ci } else { 135e1051a39Sopenharmony_ci cnf = NCONF_new_ex(libctx, NULL); 136e1051a39Sopenharmony_ci if (NCONF_load_fp(cnf, fp, &eline) == 0) { 137e1051a39Sopenharmony_ci fprintf(stderr, "Error on line %ld of configuration file\n", eline); 138e1051a39Sopenharmony_ci ERR_print_errors_fp(stderr); 139e1051a39Sopenharmony_ci /* Other malformed configuration file behaviour */ 140e1051a39Sopenharmony_ci } else if (CONF_modules_load(cnf, "appname", 0) <= 0) { 141e1051a39Sopenharmony_ci fprintf(stderr, "Error configuring application\n"); 142e1051a39Sopenharmony_ci ERR_print_errors_fp(stderr); 143e1051a39Sopenharmony_ci /* Other configuration error behaviour */ 144e1051a39Sopenharmony_ci } 145e1051a39Sopenharmony_ci fclose(fp); 146e1051a39Sopenharmony_ci NCONF_free(cnf); 147e1051a39Sopenharmony_ci } 148e1051a39Sopenharmony_ci 149e1051a39Sopenharmony_ci=head1 SEE ALSO 150e1051a39Sopenharmony_ci 151e1051a39Sopenharmony_ciL<config(5)>, 152e1051a39Sopenharmony_ciL<OPENSSL_config(3)>, 153e1051a39Sopenharmony_ciL<NCONF_new_ex(3)> 154e1051a39Sopenharmony_ci 155e1051a39Sopenharmony_ci=head1 COPYRIGHT 156e1051a39Sopenharmony_ci 157e1051a39Sopenharmony_ciCopyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. 158e1051a39Sopenharmony_ci 159e1051a39Sopenharmony_ciLicensed under the Apache License 2.0 (the "License"). You may not use 160e1051a39Sopenharmony_cithis file except in compliance with the License. You can obtain a copy 161e1051a39Sopenharmony_ciin the file LICENSE in the source distribution or at 162e1051a39Sopenharmony_ciL<https://www.openssl.org/source/license.html>. 163e1051a39Sopenharmony_ci 164e1051a39Sopenharmony_ci=cut 165