diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-12-10 21:02:47 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-01-13 11:53:15 +0100 |
commit | 157959438308e586593592cc751195fbf3930a7d (patch) | |
tree | 16894ebf050450cd8245293e51f933981aeaea81 /doc | |
parent | ec2bfb7d23b4790a5fbe3b5d73a3418966d7e8ad (diff) |
APPS: Allow OPENSSL_CONF to be empty, not loading a config file
Also document the function CONF_get1_default_config_file()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13658)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man1/openssl.pod | 11 | ||||
-rw-r--r-- | doc/man3/CONF_modules_load_file.pod | 12 | ||||
-rw-r--r-- | doc/man5/config.pod | 2 | ||||
-rw-r--r-- | doc/man7/openssl-env.pod | 2 |
4 files changed, 20 insertions, 7 deletions
diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index abb5d5e3e4..3396f684f9 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod @@ -83,10 +83,13 @@ Many commands use an external configuration file for some or all of their arguments and have a B<-config> option to specify that file. The default name of the file is F<openssl.cnf> in the default certificate storage area, which can be determined from the L<openssl-version(1)> -command. This can be used to load modules. -The environment variable B<OPENSSL_CONF> can be used to specify -a different location of the file. -See L<openssl-env(7)>. +command using the B<-d> or B<-a> option. +The environment variable B<OPENSSL_CONF> can be used to specify a different +file location or to disable loading a configuration (using the empty string). + +Among others, the configuration file can be used to load modules +and to specify parameters for generating certificates and random numbers. +See L<config(5)> for details. =head2 Standard Commands diff --git a/doc/man3/CONF_modules_load_file.pod b/doc/man3/CONF_modules_load_file.pod index fff60c192e..59e8f6f34c 100644 --- a/doc/man3/CONF_modules_load_file.pod +++ b/doc/man3/CONF_modules_load_file.pod @@ -2,6 +2,7 @@ =head1 NAME +CONF_get1_default_config_file, CONF_modules_load_file_ex, CONF_modules_load_file, CONF_modules_load - OpenSSL configuration functions @@ -9,6 +10,7 @@ CONF_modules_load_file_ex, CONF_modules_load_file, CONF_modules_load #include <openssl/conf.h> + char *CONF_get1_default_config_file(void); int CONF_modules_load_file_ex(OSSL_LIB_CTX *libctx, const char *filename, const char *appname, unsigned long flags); int CONF_modules_load_file(const char *filename, const char *appname, @@ -18,9 +20,17 @@ CONF_modules_load_file_ex, CONF_modules_load_file, CONF_modules_load =head1 DESCRIPTION +The function CONF_get1_default_config_file() determines the default +configuration file pathname as follows. +If the B<OPENSSL_CONF> environment variable is set its value is returned. +Else the function returns the path obtained using +L<X509_get_default_cert_area(3)> with the filename C<"openssl.cnf"> appended. +The caller is responsible for freeing any string returned. + The function CONF_modules_load_file_ex() configures OpenSSL using library context B<libctx> file B<filename> and application name B<appname>. -If B<filename> is NULL the standard OpenSSL configuration file is used. +If B<filename> is NULL the standard OpenSSL configuration file is used +as determined by calling CONF_get1_default_config_file(). If B<appname> is NULL the standard OpenSSL application name B<openssl_conf> is used. The behaviour can be customized using B<flags>. Note that, the error suppressing diff --git a/doc/man5/config.pod b/doc/man5/config.pod index 45165f20ec..de4b5aec59 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -502,7 +502,7 @@ F<sample>. =item B<OPENSSL_CONF> -The path to the config file. +The path to the config file, or the empty string for none. Ignored in set-user-ID and set-group-ID programs. =item B<OPENSSL_ENGINES> diff --git a/doc/man7/openssl-env.pod b/doc/man7/openssl-env.pod index 8e131affb7..4702615e8a 100644 --- a/doc/man7/openssl-env.pod +++ b/doc/man7/openssl-env.pod @@ -28,7 +28,7 @@ and by the B<CA.pl> script (see L<CA.pl(1)/NOTES> Specifies the path to a configuration file and the directory for included files. -See L<openssl(1)> and L<config(5)>. +See L<config(5)>. =item B<OPENSSL_CONFIG> |