2019-10-10 03:45:12 +08:00
|
|
|
=pod
|
|
|
|
|
|
|
|
=head1 NAME
|
|
|
|
|
|
|
|
openssl-env - OpenSSL environment variables
|
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
|
|
|
The OpenSSL libraries use environment variables to override the
|
|
|
|
compiled-in default paths for various data.
|
|
|
|
To avoid security risks, the environment is usually not consulted when
|
|
|
|
the executable is set-user-ID or set-group-ID.
|
|
|
|
|
|
|
|
=over 4
|
|
|
|
|
|
|
|
=item B<CTLOG_FILE>
|
|
|
|
|
|
|
|
Specifies the path to a certificate transparency log list.
|
|
|
|
See L<CTLOG_STORE_new(3)>.
|
|
|
|
|
|
|
|
=item B<OPENSSL>
|
|
|
|
|
2020-02-27 04:25:43 +08:00
|
|
|
Specifies the path to the B<openssl> executable. Used by
|
|
|
|
the B<rehash> script (see L<openssl-rehash(1)/Script Configuration>)
|
|
|
|
and by the B<CA.pl> script (see L<CA.pl(1)/NOTES>
|
2019-10-10 03:45:12 +08:00
|
|
|
|
2020-02-27 04:25:43 +08:00
|
|
|
=item B<OPENSSL_CONF>, B<OPENSSL_CONF_INCLUDE>
|
2019-10-10 03:45:12 +08:00
|
|
|
|
2020-02-27 04:25:43 +08:00
|
|
|
Specifies the path to a configuration file and the directory for
|
|
|
|
included files.
|
2020-12-11 04:02:47 +08:00
|
|
|
See L<config(5)>.
|
2019-10-10 03:45:12 +08:00
|
|
|
|
2020-02-27 04:25:43 +08:00
|
|
|
=item B<OPENSSL_CONFIG>
|
|
|
|
|
|
|
|
Specifies a configuration option and filename for the B<req> and B<ca>
|
|
|
|
commands invoked by the B<CA.pl> script.
|
|
|
|
See L<CA.pl(1)>.
|
|
|
|
|
2019-10-10 03:45:12 +08:00
|
|
|
=item B<OPENSSL_ENGINES>
|
|
|
|
|
|
|
|
Specifies the directory from which dynamic engines are loaded.
|
|
|
|
See L<openssl-engine(1)>.
|
|
|
|
|
|
|
|
=item B<OPENSSL_MALLOC_FD>, B<OPENSSL_MALLOC_FAILURES>
|
|
|
|
|
|
|
|
If built with debugging, this allows memory allocation to fail.
|
2019-10-25 04:40:11 +08:00
|
|
|
See L<OPENSSL_malloc(3)>.
|
2019-10-10 03:45:12 +08:00
|
|
|
|
|
|
|
=item B<OPENSSL_MODULES>
|
|
|
|
|
|
|
|
Specifies the directory from which cryptographic providers are loaded.
|
2021-04-16 01:21:28 +08:00
|
|
|
Equivalently, the generic B<-provider-path> command-line option may be used.
|
2019-10-10 03:45:12 +08:00
|
|
|
|
|
|
|
=item B<OPENSSL_WIN32_UTF8>
|
|
|
|
|
|
|
|
If set, then L<UI_OpenSSL(3)> returns UTF-8 encoded strings, rather than
|
|
|
|
ones encoded in the current code page, and
|
|
|
|
the L<openssl(1)> program also transcodes the command-line parameters
|
|
|
|
from the current code page to UTF-8.
|
|
|
|
This environment variable is only checked on Microsoft Windows platforms.
|
|
|
|
|
|
|
|
=item B<RANDFILE>
|
|
|
|
|
|
|
|
The state file for the random number generator.
|
|
|
|
This should not be needed in normal use.
|
|
|
|
See L<RAND_load_file(3)>.
|
|
|
|
|
|
|
|
=item B<SSL_CERT_DIR>, B<SSL_CERT_FILE>
|
|
|
|
|
|
|
|
Specify the default directory or file containing CA certificates.
|
|
|
|
See L<SSL_CTX_load_verify_locations(3)>.
|
|
|
|
|
|
|
|
=item B<TSGET>
|
|
|
|
|
|
|
|
Additional arguments for the L<tsget(1)> command.
|
|
|
|
|
Add basic RISC-V cpuid and OPENSSL_riscvcap
RISC-V cpuid implementation allows bitmanip extensions Zb[abcs] to
be enabled at runtime using OPENSSL_riscvcap environment variable.
For example, to specify 64-bit RISC-V with the G,C,Zba,Zbb,Zbc
extensions, one could write: OPENSSL_riscvcap="rv64gc_zba_zbb_zbc"
Architecture string parsing is still very primitive, but can be
expanded in the future. Currently, only bitmanip extensions Zba, Zbb,
Zbc and Zbs are supported.
Includes implementation of constant-time CRYPTO_memcmp in riscv64 asm,
as well as OPENSSL_cleanse. Assembly implementations are written using
perlasm.
Reviewed-by: Philipp Tomsich <philipp.tomsich@vrull.eu>
Signed-off-by: Henry Brausen <henry.brausen@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17640)
2022-01-28 16:28:52 +08:00
|
|
|
=item B<OPENSSL_ia32cap>, B<OPENSSL_sparcv9cap>, B<OPENSSL_ppccap>, B<OPENSSL_armcap>, B<OPENSSL_s390xcap>, B<OPENSSL_riscvcap>
|
2021-11-16 08:31:44 +08:00
|
|
|
|
|
|
|
OpenSSL supports a number of different algorithm implementations for
|
|
|
|
various machines and, by default, it determines which to use based on the
|
|
|
|
processor capabilities and run time feature enquiry. These environment
|
|
|
|
variables can be used to exert more control over this selection process.
|
|
|
|
See L<OPENSSL_ia32cap(3)>, L<OPENSSL_s390xcap(3)>.
|
|
|
|
|
|
|
|
=item B<NO_PROXY>, B<HTTPS_PROXY>, B<HTTP_PROXY>
|
|
|
|
|
|
|
|
Specify a proxy hostname.
|
|
|
|
See L<OSSL_HTTP_parse_url(3)>.
|
|
|
|
|
2019-10-10 03:45:12 +08:00
|
|
|
=back
|
|
|
|
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
|
Add basic RISC-V cpuid and OPENSSL_riscvcap
RISC-V cpuid implementation allows bitmanip extensions Zb[abcs] to
be enabled at runtime using OPENSSL_riscvcap environment variable.
For example, to specify 64-bit RISC-V with the G,C,Zba,Zbb,Zbc
extensions, one could write: OPENSSL_riscvcap="rv64gc_zba_zbb_zbc"
Architecture string parsing is still very primitive, but can be
expanded in the future. Currently, only bitmanip extensions Zba, Zbb,
Zbc and Zbs are supported.
Includes implementation of constant-time CRYPTO_memcmp in riscv64 asm,
as well as OPENSSL_cleanse. Assembly implementations are written using
perlasm.
Reviewed-by: Philipp Tomsich <philipp.tomsich@vrull.eu>
Signed-off-by: Henry Brausen <henry.brausen@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17640)
2022-01-28 16:28:52 +08:00
|
|
|
Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
|
2019-10-10 03:45:12 +08:00
|
|
|
|
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
|
|
this file except in compliance with the License. You can obtain a copy
|
|
|
|
in the file LICENSE in the source distribution or at
|
|
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
|
|
|
|
=cut
|