APPS: Allow OPENSSL_CONF to be empty, not loading a config file

Also document the function CONF_get1_default_config_file()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13658)

4 files changed, 20 insertions, 7 deletions

diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod
index abb5d5e3e4..3396f684f9 100644
--- a/doc/man1/openssl.pod
+++ b/doc/man1/openssl.pod
@@ -83,10 +83,13 @@ Many commands use an external configuration file for some or all of their
 arguments and have a B<-config> option to specify that file.
 The default name of the file is F<openssl.cnf> in the default certificate
 storage area, which can be determined from the L<openssl-version(1)>
-command. This can be used to load modules.
-The environment variable B<OPENSSL_CONF> can be used to specify
-a different location of the file.
-See L<openssl-env(7)>.
+command using the B<-d> or B<-a> option.
+The environment variable B<OPENSSL_CONF> can be used to specify a different
+file location or to disable loading a configuration (using the empty string).
+
+Among others, the configuration file can be used to load modules
+and to specify parameters for generating certificates and random numbers.
+See L<config(5)> for details.
 
 =head2 Standard Commands
 
diff --git a/doc/man3/CONF_modules_load_file.pod b/doc/man3/CONF_modules_load_file.pod
index fff60c192e..59e8f6f34c 100644
--- a/doc/man3/CONF_modules_load_file.pod
+++ b/doc/man3/CONF_modules_load_file.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+CONF_get1_default_config_file,
 CONF_modules_load_file_ex, CONF_modules_load_file, CONF_modules_load
 - OpenSSL configuration functions
 
@@ -9,6 +10,7 @@ CONF_modules_load_file_ex, CONF_modules_load_file, CONF_modules_load
 
  #include <openssl/conf.h>
 
+ char *CONF_get1_default_config_file(void);
  int CONF_modules_load_file_ex(OSSL_LIB_CTX *libctx, const char *filename,
                                const char *appname, unsigned long flags);
  int CONF_modules_load_file(const char *filename, const char *appname,
@@ -18,9 +20,17 @@ CONF_modules_load_file_ex, CONF_modules_load_file, CONF_modules_load
 
 =head1 DESCRIPTION
 
+The function CONF_get1_default_config_file() determines the default
+configuration file pathname as follows.
+If the B<OPENSSL_CONF> environment variable is set its value is returned.
+Else the function returns the path obtained using
+L<X509_get_default_cert_area(3)> with the filename C<"openssl.cnf"> appended.
+The caller is responsible for freeing any string returned.
+
 The function CONF_modules_load_file_ex() configures OpenSSL using
 library context B<libctx> file B<filename> and application name B<appname>.
-If B<filename> is NULL the standard OpenSSL configuration file is used.
+If B<filename> is NULL the standard OpenSSL configuration file is used
+as determined by calling CONF_get1_default_config_file().
 If B<appname> is NULL the standard OpenSSL application name B<openssl_conf> is
 used.
 The behaviour can be customized using B<flags>. Note that, the error suppressing
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index 45165f20ec..de4b5aec59 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -502,7 +502,7 @@ F<sample>.
 
 =item B<OPENSSL_CONF>
 
-The path to the config file.
+The path to the config file, or the empty string for none.
 Ignored in set-user-ID and set-group-ID programs.
 
 =item B<OPENSSL_ENGINES>
diff --git a/doc/man7/openssl-env.pod b/doc/man7/openssl-env.pod
index 8e131affb7..4702615e8a 100644
--- a/doc/man7/openssl-env.pod
+++ b/doc/man7/openssl-env.pod
@@ -28,7 +28,7 @@ and by the B<CA.pl> script (see L<CA.pl(1)/NOTES>
 
 Specifies the path to a configuration file and the directory for
 included files.
-See L<openssl(1)> and L<config(5)>.
+See L<config(5)>.
 
 =item B<OPENSSL_CONFIG>