mirror of
https://github.com/openssl/openssl.git
synced 2024-12-27 06:21:43 +08:00
22e27978b2
The self tests for the fips module are triggered on startup and they need to know the core's libctx in order to function correctly. As the provider can be autoloaded via configuration it then needs to propagate the callers libctx down to the provider via the config load. Note that OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, ..) is still called, but will only load the default configuration if the OPENSSL_CONF environment variable is set. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11240)
155 lines
5.6 KiB
Plaintext
155 lines
5.6 KiB
Plaintext
=pod
|
|
|
|
=head1 NAME
|
|
|
|
CONF_modules_load_file_with_libctx, CONF_modules_load_file, CONF_modules_load
|
|
- OpenSSL configuration functions
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
#include <openssl/conf.h>
|
|
|
|
int CONF_modules_load_file_with_libctx(OPENSSL_CTX *libctx,
|
|
const char *filename,
|
|
const char *appname, unsigned long flags);
|
|
int CONF_modules_load_file(const char *filename, const char *appname,
|
|
unsigned long flags);
|
|
int CONF_modules_load(const CONF *cnf, const char *appname,
|
|
unsigned long flags);
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
The function CONF_modules_load_file_with_libctx() configures OpenSSL using
|
|
library context B<libctx> file B<filename> and application name B<appname>.
|
|
If B<filename> is NULL the standard OpenSSL configuration file is used.
|
|
If B<appname> is NULL the standard OpenSSL application name B<openssl_conf> is
|
|
used.
|
|
The behaviour can be customized using B<flags>.
|
|
|
|
CONF_modules_load_file() is the same as CONF_modules_load_file_with_libctx() but
|
|
has a NULL library context.
|
|
|
|
CONF_modules_load() is identical to CONF_modules_load_file() except it
|
|
reads configuration information from B<cnf>.
|
|
|
|
=head1 NOTES
|
|
|
|
The following B<flags> are currently recognized:
|
|
|
|
If B<CONF_MFLAGS_IGNORE_ERRORS> is set errors returned by individual
|
|
configuration modules are ignored. If not set the first module error is
|
|
considered fatal and no further modules are loaded.
|
|
|
|
Normally any modules errors will add error information to the error queue. If
|
|
B<CONF_MFLAGS_SILENT> is set no error information is added.
|
|
|
|
If B<CONF_MFLAGS_IGNORE_RETURN_CODES> is set the function unconditionally
|
|
returns success.
|
|
This is used by default in L<OPENSSL_init_crypto(3)> to ignore any errors in
|
|
the default system-wide configuration file, as having all OpenSSL applications
|
|
fail to start when there are potentially minor issues in the file is too risky.
|
|
Applications calling B<CONF_modules_load_file_with_libctx> explicitly should not
|
|
generally set this flag.
|
|
|
|
If B<CONF_MFLAGS_NO_DSO> is set configuration module loading from DSOs is
|
|
disabled.
|
|
|
|
B<CONF_MFLAGS_IGNORE_MISSING_FILE> if set will make CONF_load_modules_file()
|
|
ignore missing configuration files. Normally a missing configuration file
|
|
return an error.
|
|
|
|
B<CONF_MFLAGS_DEFAULT_SECTION> if set and B<appname> is not NULL will use the
|
|
default section pointed to by B<openssl_conf> if B<appname> does not exist.
|
|
|
|
By using CONF_modules_load_file_with_libctx() with appropriate flags an
|
|
application can customise application configuration to best suit its needs.
|
|
In some cases the use of a configuration file is optional and its absence is not
|
|
an error: in this case B<CONF_MFLAGS_IGNORE_MISSING_FILE> would be set.
|
|
|
|
Errors during configuration may also be handled differently by different
|
|
applications. For example in some cases an error may simply print out a warning
|
|
message and the application continue. In other cases an application might
|
|
consider a configuration file error as fatal and exit immediately.
|
|
|
|
Applications can use the CONF_modules_load() function if they wish to load a
|
|
configuration file themselves and have finer control over how errors are
|
|
treated.
|
|
|
|
=head1 RETURN VALUES
|
|
|
|
These functions return 1 for success and a zero or negative value for
|
|
failure. If module errors are not ignored the return code will reflect the
|
|
return value of the failing module (this will always be zero or negative).
|
|
|
|
=head1 EXAMPLES
|
|
|
|
Load a configuration file and print out any errors and exit (missing file
|
|
considered fatal):
|
|
|
|
if (CONF_modules_load_file_with_libctx(libctx, NULL, NULL, 0) <= 0) {
|
|
fprintf(stderr, "FATAL: error loading configuration file\n");
|
|
ERR_print_errors_fp(stderr);
|
|
exit(1);
|
|
}
|
|
|
|
Load default configuration file using the section indicated by "myapp",
|
|
tolerate missing files, but exit on other errors:
|
|
|
|
if (CONF_modules_load_file_with_libctx(NULL, NULL, "myapp",
|
|
CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
|
|
fprintf(stderr, "FATAL: error loading configuration file\n");
|
|
ERR_print_errors_fp(stderr);
|
|
exit(1);
|
|
}
|
|
|
|
Load custom configuration file and section, only print warnings on error,
|
|
missing configuration file ignored:
|
|
|
|
if (CONF_modules_load_file_with_libctx(NULL, "/something/app.cnf", "myapp",
|
|
CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
|
|
fprintf(stderr, "WARNING: error loading configuration file\n");
|
|
ERR_print_errors_fp(stderr);
|
|
}
|
|
|
|
Load and parse configuration file manually, custom error handling:
|
|
|
|
FILE *fp;
|
|
CONF *cnf = NULL;
|
|
long eline;
|
|
|
|
fp = fopen("/somepath/app.cnf", "r");
|
|
if (fp == NULL) {
|
|
fprintf(stderr, "Error opening configuration file\n");
|
|
/* Other missing configuration file behaviour */
|
|
} else {
|
|
cnf = NCONF_new_with_libctx(libctx, NULL);
|
|
if (NCONF_load_fp(cnf, fp, &eline) == 0) {
|
|
fprintf(stderr, "Error on line %ld of configuration file\n", eline);
|
|
ERR_print_errors_fp(stderr);
|
|
/* Other malformed configuration file behaviour */
|
|
} else if (CONF_modules_load(cnf, "appname", 0) <= 0) {
|
|
fprintf(stderr, "Error configuring application\n");
|
|
ERR_print_errors_fp(stderr);
|
|
/* Other configuration error behaviour */
|
|
}
|
|
fclose(fp);
|
|
NCONF_free(cnf);
|
|
}
|
|
|
|
=head1 SEE ALSO
|
|
|
|
L<config(5)>,
|
|
L<OPENSSL_config(3)>,
|
|
L<NCONF_new_with_libctx(3)>
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file LICENSE in the source distribution or at
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
=cut
|