diff options
author | Pauli <paul.dale@oracle.com> | 2020-08-26 13:41:30 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-08-28 19:21:29 +1000 |
commit | 33855c0af6046c2b36d1c541b0962e534fa6f8d9 (patch) | |
tree | 32c2db416b5c06d8709eb5fb69b77e04ba81edb4 /crypto/conf | |
parent | 3d94185718e592660fdf5b988bef294b6adf0739 (diff) |
conf: add diagnostic option
Add an option to configuration files "config_diagnostics" that when set to a
non-zero value, overrides the error ignoring flags. The outcome is that
diagnostic option is produced when e.g. sections are missing.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12663)
Diffstat (limited to 'crypto/conf')
-rw-r--r-- | crypto/conf/conf_mod.c | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index aebf38292a..a0b9fd3b61 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -79,6 +79,18 @@ static int module_init(CONF_MODULE *pmod, const char *name, const char *value, static CONF_MODULE *module_load_dso(const CONF *cnf, const char *name, const char *value); +static int conf_diagnostics(const CONF *cnf) +{ + long int lflag = 0; + int res; + + ERR_set_mark(); + res = NCONF_get_number(cnf, NULL, "config_diagnostics", &lflag) + && lflag != 0; + ERR_pop_to_mark(); + return res; +} + /* Main function: load modules from a CONF structure */ int CONF_modules_load(const CONF *cnf, const char *appname, @@ -87,12 +99,17 @@ int CONF_modules_load(const CONF *cnf, const char *appname, STACK_OF(CONF_VALUE) *values; CONF_VALUE *vl; char *vsection = NULL; - int ret, i; if (!cnf) return 1; + if (conf_diagnostics(cnf)) + flags &= ~(CONF_MFLAGS_IGNORE_ERRORS + | CONF_MFLAGS_IGNORE_RETURN_CODES + | CONF_MFLAGS_SILENT + | CONF_MFLAGS_IGNORE_MISSING_FILE); + if (appname) vsection = NCONF_get_string(cnf, NULL, appname); @@ -135,7 +152,7 @@ int CONF_modules_load_file_with_libctx(OPENSSL_CTX *libctx, { char *file = NULL; CONF *conf = NULL; - int ret = 0; + int ret = 0, diagnostics = 0; conf = NCONF_new_with_libctx(libctx, NULL); if (conf == NULL) @@ -159,13 +176,14 @@ int CONF_modules_load_file_with_libctx(OPENSSL_CTX *libctx, } ret = CONF_modules_load(conf, appname, flags); + diagnostics = conf_diagnostics(conf); err: if (filename == NULL) OPENSSL_free(file); NCONF_free(conf); - if (flags & CONF_MFLAGS_IGNORE_RETURN_CODES) + if ((flags & CONF_MFLAGS_IGNORE_RETURN_CODES) != 0 && !diagnostics) return 1; return ret; |