diff options
| author | Pauli <paul.dale@oracle.com> | 2020-08-26 13:41:30 +1000 |
|---|---|---|
| committer | Pauli <paul.dale@oracle.com> | 2020-08-28 19:21:29 +1000 |
| commit | 33855c0af6046c2b36d1c541b0962e534fa6f8d9 (patch) | |
| tree | 32c2db416b5c06d8709eb5fb69b77e04ba81edb4 /doc/man5 | |
| parent | 3d94185718e592660fdf5b988bef294b6adf0739 (diff) | |
conf: add diagnostic option
Add an option to configuration files "config_diagnostics" that when set to a
non-zero value, overrides the error ignoring flags. The outcome is that
diagnostic option is produced when e.g. sections are missing.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12663)
Diffstat (limited to 'doc/man5')
| -rw-r--r-- | doc/man5/config.pod | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/man5/config.pod b/doc/man5/config.pod index 2618cef588..46d60f6ced 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -160,6 +160,12 @@ how to configure any modules in the library. It is not an error to leave any module in its default configuration. An application can specify a different name by calling CONF_modules_load_file(), for example, directly. +OpenSSL also looks up the value of B<config_diagnostics>. +If this exists and has a nonzero numeric value, any error suppressing flags +passed to CONF_modules_load() will be ignored. +This is useful for diagnosing misconfigurations and should not be used in +production. + # This must be in the default section openssl_conf = openssl_init @@ -482,6 +488,7 @@ L<openssl-x509(1)>, L<openssl-req(1)>, L<openssl-ca(1)>, L<openssl-fipsinstall(1)>, L<ASN1_generate_nconf(3)>, L<EVP_set_default_properties(3)>, +L<CONF_modules_load(3)>, L<CONF_modules_load_file(3)>, L<fips_config(5)>, and L<x509v3_config(5)>. |