diff options
| author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2019-01-01 02:53:24 -0500 |
|---|---|---|
| committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2019-01-07 13:53:52 -0500 |
| commit | 25eb9299cec4404a4cdf3167056bd147af2582f3 (patch) | |
| tree | 5ac56b44b67281dc303b00d583418362182cc790 /include | |
| parent | 1bfd76b3afa0abc275e9a60ee0ea7b22c4fb842a (diff) | |
More configurable crypto and ssl library initialization
1. In addition to overriding the default application name,
one can now also override the configuration file name
and flags passed to CONF_modules_load_file().
2. By default we still keep going when configuration file
processing fails. But, applications that want to be
strict about initialization errors can now make explicit
flag choices via non-null OPENSSL_INIT_SETTINGS that omit
the CONF_MFLAGS_IGNORE_RETURN_CODES flag (which had so far
been both undocumented and unused).
3. In OPENSSL_init_ssl() do not request OPENSSL_INIT_LOAD_CONFIG
if the options already include OPENSSL_INIT_NO_LOAD_CONFIG.
4. Don't set up atexit() handlers when called with opts equal to
OPENSSL_INIT_BASE_ONLY (this flag should only be used alone).
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7969)
Diffstat (limited to 'include')
| -rw-r--r-- | include/internal/conf.h | 9 | ||||
| -rw-r--r-- | include/openssl/crypto.h | 6 |
2 files changed, 13 insertions, 2 deletions
diff --git a/include/internal/conf.h b/include/internal/conf.h index dc1e72508a..0b818c6d92 100644 --- a/include/internal/conf.h +++ b/include/internal/conf.h @@ -12,11 +12,18 @@ #include <openssl/conf.h> +#define DEFAULT_CONF_MFLAGS \ + (CONF_MFLAGS_DEFAULT_SECTION | \ + CONF_MFLAGS_IGNORE_MISSING_FILE | \ + CONF_MFLAGS_IGNORE_RETURN_CODES) + struct ossl_init_settings_st { + char *filename; char *appname; + unsigned long flags; }; -void openssl_config_int(const char *appname); +int openssl_config_int(const OPENSSL_INIT_SETTINGS *); void openssl_no_config_int(void); void conf_modules_free_int(void); diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index d23d9b3156..150fc1ae54 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -397,8 +397,12 @@ void OPENSSL_thread_stop(void); /* Low-level control of initialization */ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); # ifndef OPENSSL_NO_STDIO +int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings, + const char *config_filename); +void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings, + unsigned long flags); int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings, - const char *config_file); + const char *config_appname); # endif void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings); |