CONF_get1_default_config_file, CONF_modules_load_file_ex,
CONF_modules_load_file, CONF_modules_load - OpenSSL configuration functions
#include <openssl/conf.h>
char *CONF_get1_default_config_file(void);
int CONF_modules_load_file_ex(OSSL_LIB_CTX *libctx, const char *filename,
const char *appname, unsigned long flags);
int CONF_modules_load_file(const char *filename, const char *appname,
unsigned long flags);
int CONF_modules_load(const CONF *cnf, const char *appname,
unsigned long flags);
The function
CONF_get1_default_config_file() determines the default
configuration file pathname as follows. If the
OPENSSL_CONF environment
variable is set its value is returned. Else the function returns the path
obtained using
X509_get_default_cert_area(3) with the filename
"openssl.cnf" appended. The caller is responsible for freeing any
string returned.
The function
CONF_modules_load_file_ex() configures OpenSSL using library
context
libctx file
filename and application name
appname. If
filename is NULL the standard OpenSSL configuration
file is used as determined by calling
CONF_get1_default_config_file().
If
appname is NULL the standard OpenSSL application name
openssl_conf is used. The behaviour can be customized using
flags. Note that, the error suppressing can be overridden by
config_diagnostics as described in
config(5).
CONF_modules_load_file() is the same as
CONF_modules_load_file_ex() but has a NULL library context.
CONF_modules_load() is identical to
CONF_modules_load_file()
except it reads configuration information from
cnf.
The following
flags are currently recognized:
If
CONF_MFLAGS_IGNORE_ERRORS is set errors returned by individual
configuration modules are ignored. If not set the first module error is
considered fatal and no further modules are loaded.
Normally any modules errors will add error information to the error queue. If
CONF_MFLAGS_SILENT is set no error information is added.
If
CONF_MFLAGS_IGNORE_RETURN_CODES is set the function unconditionally
returns success. This is used by default in
OPENSSL_init_crypto(3) to
ignore any errors in the default system-wide configuration file, as having all
OpenSSL applications fail to start when there are potentially minor issues in
the file is too risky. Applications calling
CONF_modules_load_file_ex
explicitly should not generally set this flag.
If
CONF_MFLAGS_NO_DSO is set configuration module loading from DSOs is
disabled.
CONF_MFLAGS_IGNORE_MISSING_FILE if set will make
CONF_load_modules_file() ignore missing configuration files. Normally a
missing configuration file return an error.
CONF_MFLAGS_DEFAULT_SECTION if set and
appname is not NULL will
use the default section pointed to by
openssl_conf if
appname
does not exist.
By using
CONF_modules_load_file_ex() with appropriate flags an
application can customise application configuration to best suit its needs. In
some cases the use of a configuration file is optional and its absence is not
an error: in this case
CONF_MFLAGS_IGNORE_MISSING_FILE would be set.
Errors during configuration may also be handled differently by different
applications. For example in some cases an error may simply print out a
warning message and the application continue. In other cases an application
might consider a configuration file error as fatal and exit immediately.
Applications can use the
CONF_modules_load() function if they wish to
load a configuration file themselves and have finer control over how errors
are treated.
These functions return 1 for success and a zero or negative value for failure.
If module errors are not ignored the return code will reflect the return value
of the failing module (this will always be zero or negative).
Load a configuration file and print out any errors and exit (missing file
considered fatal):
if (CONF_modules_load_file_ex(libctx, NULL, NULL, 0) <= 0) {
fprintf(stderr, "FATAL: error loading configuration file\n");
ERR_print_errors_fp(stderr);
exit(1);
}
Load default configuration file using the section indicated by
"myapp", tolerate missing files, but exit on other errors:
if (CONF_modules_load_file_ex(NULL, NULL, "myapp",
CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
fprintf(stderr, "FATAL: error loading configuration file\n");
ERR_print_errors_fp(stderr);
exit(1);
}
Load custom configuration file and section, only print warnings on error,
missing configuration file ignored:
if (CONF_modules_load_file_ex(NULL, "/something/app.cnf", "myapp",
CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
fprintf(stderr, "WARNING: error loading configuration file\n");
ERR_print_errors_fp(stderr);
}
Load and parse configuration file manually, custom error handling:
FILE *fp;
CONF *cnf = NULL;
long eline;
fp = fopen("/somepath/app.cnf", "r");
if (fp == NULL) {
fprintf(stderr, "Error opening configuration file\n");
/* Other missing configuration file behaviour */
} else {
cnf = NCONF_new_ex(libctx, NULL);
if (NCONF_load_fp(cnf, fp, &eline) == 0) {
fprintf(stderr, "Error on line %ld of configuration file\n", eline);
ERR_print_errors_fp(stderr);
/* Other malformed configuration file behaviour */
} else if (CONF_modules_load(cnf, "appname", 0) <= 0) {
fprintf(stderr, "Error configuring application\n");
ERR_print_errors_fp(stderr);
/* Other configuration error behaviour */
}
fclose(fp);
NCONF_free(cnf);
}
config(5),
OPENSSL_config(3),
NCONF_new_ex(3)
Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy in the
file LICENSE in the source distribution or at
<
https://www.openssl.org/source/license.html>.