additional configuration documentation

Reviewed-by: Andy Polyakov <appro@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2015-03-01 15:25:39 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2015-03-12 13:31:43 +0000
commit: 3d764db7a24e3dca1a3ee57202ce3c818d592141 (patch)
tree: 75fd199dd0b3ef5d6d5211d7771cc11149b6d8b0 /doc/apps/config.pod
parent: 007fd1404fc7a2ed33f6108bc3859d3814b44224 (diff)
1 files changed, 20 insertions, 2 deletions
diff --git a/doc/apps/config.pod b/doc/apps/config.pod
index 25c5381b9d..d5cce54f44 100644
--- a/doc/apps/config.pod
+++ b/doc/apps/config.pod
@@ -89,8 +89,7 @@ section containing configuration module specific information. E.g.
 
  ... engine stuff here ...
 
-Currently there are two configuration modules. One for ASN1 objects another
-for ENGINE configuration.
+The features of each configuration module are described below.
 
 =head2 ASN1 OBJECT CONFIGURATION MODULE
 
@@ -191,6 +190,25 @@ For example:
  # Supply all default algorithms
  default_algorithms = ALL
 
+=head2 EVP CONFIGURATION MODULE
+
+This modules has the name B<alg_section> which points to a section containing
+algorithm commands.
+
+Currently the only algorithm command supported is B<fips_mode> whose
+value should be a boolean string such as B<on> or B<off>. If the value is
+B<on> this attempt to enter FIPS mode. If the call fails or the library is
+not FIPS capable then an error occurs.
+
+For example:
+
+ alg_section = evp_settings
+
+ [evp_settings]
+
+ fips_mode = on
+
+
 =head1 NOTES
 
 If a configuration file attempts to expand a variable that doesn't exist
author	Dr. Stephen Henson <steve@openssl.org>	2015-03-01 15:25:39 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2015-03-12 13:31:43 +0000
commit	3d764db7a24e3dca1a3ee57202ce3c818d592141 (patch)
tree	75fd199dd0b3ef5d6d5211d7771cc11149b6d8b0 /doc/apps/config.pod
parent	007fd1404fc7a2ed33f6108bc3859d3814b44224 (diff)