diff options
-rw-r--r-- | CHANGES.md | 8 | ||||
-rw-r--r-- | doc/build.info | 6 | ||||
-rw-r--r-- | doc/man3/OSSL_LIB_CTX_set_conf_diagnostics.pod | 53 |
3 files changed, 66 insertions, 1 deletions
diff --git a/CHANGES.md b/CHANGES.md index 1258a44b52..9211c30be3 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -39,7 +39,13 @@ OpenSSL 3.4 * The X25519 and X448 key exchange implementation in the FIPS provider is unapproved and has `fips=no` property. - * Tomas Mraz* + *Tomáš Mráz* + + * Setting `config_diagnostics=1` in the config file will cause errors to + be returned from SSL_CTX_new() and SSL_CTX_new_ex() if there is an error + in the ssl module configuration. + + *Tomáš Mráz* * Use an empty renegotiate extension in TLS client hellos instead of the empty renegotiation SCSV, for all connections with a minimum TLS diff --git a/doc/build.info b/doc/build.info index 3214d0843b..114a37ce4a 100644 --- a/doc/build.info +++ b/doc/build.info @@ -1739,6 +1739,10 @@ DEPEND[html/man3/OSSL_LIB_CTX.html]=man3/OSSL_LIB_CTX.pod GENERATE[html/man3/OSSL_LIB_CTX.html]=man3/OSSL_LIB_CTX.pod DEPEND[man/man3/OSSL_LIB_CTX.3]=man3/OSSL_LIB_CTX.pod GENERATE[man/man3/OSSL_LIB_CTX.3]=man3/OSSL_LIB_CTX.pod +DEPEND[html/man3/OSSL_LIB_CTX_set_conf_diagnostics.html]=man3/OSSL_LIB_CTX_set_conf_diagnostics.pod +GENERATE[html/man3/OSSL_LIB_CTX_set_conf_diagnostics.html]=man3/OSSL_LIB_CTX_set_conf_diagnostics.pod +DEPEND[man/man3/OSSL_LIB_CTX_set_conf_diagnostics.3]=man3/OSSL_LIB_CTX_set_conf_diagnostics.pod +GENERATE[man/man3/OSSL_LIB_CTX_set_conf_diagnostics.3]=man3/OSSL_LIB_CTX_set_conf_diagnostics.pod DEPEND[html/man3/OSSL_PARAM.html]=man3/OSSL_PARAM.pod GENERATE[html/man3/OSSL_PARAM.html]=man3/OSSL_PARAM.pod DEPEND[man/man3/OSSL_PARAM.3]=man3/OSSL_PARAM.pod @@ -3402,6 +3406,7 @@ html/man3/OSSL_IETF_ATTR_SYNTAX.html \ html/man3/OSSL_IETF_ATTR_SYNTAX_print.html \ html/man3/OSSL_ITEM.html \ html/man3/OSSL_LIB_CTX.html \ +html/man3/OSSL_LIB_CTX_set_conf_diagnostics.html \ html/man3/OSSL_PARAM.html \ html/man3/OSSL_PARAM_BLD.html \ html/man3/OSSL_PARAM_allocate_from_text.html \ @@ -4056,6 +4061,7 @@ man/man3/OSSL_IETF_ATTR_SYNTAX.3 \ man/man3/OSSL_IETF_ATTR_SYNTAX_print.3 \ man/man3/OSSL_ITEM.3 \ man/man3/OSSL_LIB_CTX.3 \ +man/man3/OSSL_LIB_CTX_set_conf_diagnostics.3 \ man/man3/OSSL_PARAM.3 \ man/man3/OSSL_PARAM_BLD.3 \ man/man3/OSSL_PARAM_allocate_from_text.3 \ diff --git a/doc/man3/OSSL_LIB_CTX_set_conf_diagnostics.pod b/doc/man3/OSSL_LIB_CTX_set_conf_diagnostics.pod new file mode 100644 index 0000000000..80c02afb0c --- /dev/null +++ b/doc/man3/OSSL_LIB_CTX_set_conf_diagnostics.pod @@ -0,0 +1,53 @@ +=pod + +=head1 NAME + +OSSL_LIB_CTX_set_conf_diagnostics, OSSL_LIB_CTX_get_conf_diagnostics +- Set and get configuration diagnostics + +=head1 SYNOPSIS + + #include <openssl/crypto.h> + + void OSSL_LIB_CTX_set_conf_diagnostics(OSSL_LIB_CTX *ctx, int value); + int OSSL_LIB_CTX_get_conf_diagnostics(OSSL_LIB_CTX *ctx); + +=head1 DESCRIPTION + +OSSL_LIB_CTX_set_conf_diagnostics() sets the value of the configuration +diagnostics flag. If I<value> is nonzero subsequent parsing and application +of configuration data can report errors that would otherwise be ignored. In +particular any errors in the ssl configuration module will cause a failure +of L<SSL_CTX_new(3)> and L<SSL_CTX_new_ex(3)> calls. The configuration +diagnostics flag can be also set when a configuration file is being loaded +into B<OSSL_LIB_CTX> with L<OSSL_LIB_CTX_load_config(3)>. If the configuration +sets a B<config_diagnostics> value as described in L<config(5)>, it will +override the value set by OSSL_LIB_CTX_set_conf_diagnostics() before +loading the configuration file. + +OSSL_LIB_CTX_get_conf_diagnostics() returns the current value of the +configuration diagnostics flag. + +=head1 RETURN VALUES + +OSSL_LIB_CTX_get_conf_diagnostics() returns 0 if the configuration diagnostics +should not be performed, nonzero otherwise. + +=head1 SEE ALSO + +L<SSL_CTX_new(3)>, L<OSSL_LIB_CTX_load_config(3)>, L<config(5)> + +=head1 HISTORY + +The functions described on this page were added in OpenSSL 3.4. + +=head1 COPYRIGHT + +Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + +=cut |