OpenBSD manual page server

Manual Page Search Parameters

OPENSSL_CONFIG(3) Library Functions Manual OPENSSL_CONFIG(3)

OPENSSL_config, OPENSSL_no_configsimple OpenSSL configuration functions

#include <openssl/conf.h>

void
OPENSSL_config(const char *config_name);

void
OPENSSL_no_config(void);

() configures OpenSSL using the standard openssl.cnf(5) configuration file name using config_name. If config_name is NULL then the default name will be used. Any errors are ignored. Further calls to OPENSSL_config() will have no effect.

() disables configuration. If called before OPENSSL_config(), no configuration takes place.

It is recommended that new applications call () or the more sophisticated functions such as CONF_modules_load(3) during initialization (that is before starting any threads). By doing this, an application does not need to keep track of all configuration options and some new functionality can be supported automatically.

It is also possible to automatically call () when an application calls OpenSSL_add_all_algorithms(3) by compiling an application with the preprocessor symbol OPENSSL_LOAD_CONF #define'd. In this way configuration can be added without source changes.

The environment variable OPENSSL_CONF can be set to specify the location of the configuration file.

Currently ASN.1 OBJECT and ENGINE configuration can be performed.

There are several reasons why calling the OpenSSL configuration routines is advisable. For example new ENGINE functionality was added to OpenSSL 0.9.7. In OpenSSL 0.9.7 control functions can be supported by ENGINEs which can be used (among other things) to load dynamic ENGINEs from shared libraries (DSOs). However very few applications currently support the control interface and so very few can load and use dynamic ENGINEs. Equally in future more sophisticated ENGINEs will require certain control operations to customize them. If an application calls () it doesn't need to know or care about ENGINE control operations because they can be performed by editing a configuration file.

Applications should free up configuration at application closedown by calling CONF_modules_free(3).

Neither OPENSSL_config() nor OPENSSL_no_config() return a value.

/etc/ssl/openssl.cnf
standard configuration file

CONF_modules_free(3), CONF_modules_load(3), openssl.cnf(5)

OPENSSL_config() and OPENSSL_no_config() first appeared in OpenSSL 0.9.7.

The OPENSSL_config() function is designed to be a very simple "call it and forget it" function. As a result its behaviour is somewhat limited. It ignores all errors silently and it can only load from the standard configuration file location for example.

It is however better than nothing. Applications which need finer control over their configuration functionality should use the configuration functions such as CONF_modules_load(3) directly.

July 6, 2017 OpenBSD-6.2