1e71b7053SJung-uk Kim=pod 2e71b7053SJung-uk Kim 3e71b7053SJung-uk Kim=head1 NAME 4e71b7053SJung-uk Kim 5b077aed3SPierre ProncheryCONF_get1_default_config_file, 6b077aed3SPierre ProncheryCONF_modules_load_file_ex, CONF_modules_load_file, CONF_modules_load 7b077aed3SPierre Pronchery- OpenSSL configuration functions 8e71b7053SJung-uk Kim 9e71b7053SJung-uk Kim=head1 SYNOPSIS 10e71b7053SJung-uk Kim 11e71b7053SJung-uk Kim #include <openssl/conf.h> 12e71b7053SJung-uk Kim 13b077aed3SPierre Pronchery char *CONF_get1_default_config_file(void); 14b077aed3SPierre Pronchery int CONF_modules_load_file_ex(OSSL_LIB_CTX *libctx, const char *filename, 15b077aed3SPierre Pronchery const char *appname, unsigned long flags); 16e71b7053SJung-uk Kim int CONF_modules_load_file(const char *filename, const char *appname, 17e71b7053SJung-uk Kim unsigned long flags); 18e71b7053SJung-uk Kim int CONF_modules_load(const CONF *cnf, const char *appname, 19e71b7053SJung-uk Kim unsigned long flags); 20e71b7053SJung-uk Kim 21e71b7053SJung-uk Kim=head1 DESCRIPTION 22e71b7053SJung-uk Kim 23b077aed3SPierre ProncheryThe function CONF_get1_default_config_file() determines the default 24b077aed3SPierre Proncheryconfiguration file pathname as follows. 25b077aed3SPierre ProncheryIf the B<OPENSSL_CONF> environment variable is set its value is returned. 26b077aed3SPierre ProncheryElse the function returns the path obtained using 27b077aed3SPierre ProncheryL<X509_get_default_cert_area(3)> with the filename C<"openssl.cnf"> appended. 28b077aed3SPierre ProncheryThe caller is responsible for freeing any string returned. 29b077aed3SPierre Pronchery 30b077aed3SPierre ProncheryThe function CONF_modules_load_file_ex() configures OpenSSL using 31b077aed3SPierre Proncherylibrary context B<libctx> file B<filename> and application name B<appname>. 32b077aed3SPierre ProncheryIf B<filename> is NULL the standard OpenSSL configuration file is used 33b077aed3SPierre Proncheryas determined by calling CONF_get1_default_config_file(). 34b077aed3SPierre ProncheryIf B<appname> is NULL the standard OpenSSL application name B<openssl_conf> is 35b077aed3SPierre Proncheryused. 36b077aed3SPierre ProncheryThe behaviour can be customized using B<flags>. Note that, the error suppressing 37*aa795734SPierre Proncherycan be overridden by B<config_diagnostics> as described in L<config(5)>. 38b077aed3SPierre Pronchery 39b077aed3SPierre ProncheryCONF_modules_load_file() is the same as CONF_modules_load_file_ex() but 40b077aed3SPierre Proncheryhas a NULL library context. 41e71b7053SJung-uk Kim 42e71b7053SJung-uk KimCONF_modules_load() is identical to CONF_modules_load_file() except it 43e71b7053SJung-uk Kimreads configuration information from B<cnf>. 44e71b7053SJung-uk Kim 45e71b7053SJung-uk Kim=head1 NOTES 46e71b7053SJung-uk Kim 47e71b7053SJung-uk KimThe following B<flags> are currently recognized: 48e71b7053SJung-uk Kim 496935a639SJung-uk KimIf B<CONF_MFLAGS_IGNORE_ERRORS> is set errors returned by individual 50e71b7053SJung-uk Kimconfiguration modules are ignored. If not set the first module error is 51e71b7053SJung-uk Kimconsidered fatal and no further modules are loaded. 52e71b7053SJung-uk Kim 53e71b7053SJung-uk KimNormally any modules errors will add error information to the error queue. If 54e71b7053SJung-uk KimB<CONF_MFLAGS_SILENT> is set no error information is added. 55e71b7053SJung-uk Kim 566935a639SJung-uk KimIf B<CONF_MFLAGS_IGNORE_RETURN_CODES> is set the function unconditionally 576935a639SJung-uk Kimreturns success. 586935a639SJung-uk KimThis is used by default in L<OPENSSL_init_crypto(3)> to ignore any errors in 596935a639SJung-uk Kimthe default system-wide configuration file, as having all OpenSSL applications 606935a639SJung-uk Kimfail to start when there are potentially minor issues in the file is too risky. 61b077aed3SPierre ProncheryApplications calling B<CONF_modules_load_file_ex> explicitly should not 62b077aed3SPierre Proncherygenerally set this flag. 636935a639SJung-uk Kim 64e71b7053SJung-uk KimIf B<CONF_MFLAGS_NO_DSO> is set configuration module loading from DSOs is 65e71b7053SJung-uk Kimdisabled. 66e71b7053SJung-uk Kim 67e71b7053SJung-uk KimB<CONF_MFLAGS_IGNORE_MISSING_FILE> if set will make CONF_load_modules_file() 68e71b7053SJung-uk Kimignore missing configuration files. Normally a missing configuration file 69e71b7053SJung-uk Kimreturn an error. 70e71b7053SJung-uk Kim 71e71b7053SJung-uk KimB<CONF_MFLAGS_DEFAULT_SECTION> if set and B<appname> is not NULL will use the 72e71b7053SJung-uk Kimdefault section pointed to by B<openssl_conf> if B<appname> does not exist. 73e71b7053SJung-uk Kim 74b077aed3SPierre ProncheryBy using CONF_modules_load_file_ex() with appropriate flags an 75b077aed3SPierre Proncheryapplication can customise application configuration to best suit its needs. 76b077aed3SPierre ProncheryIn some cases the use of a configuration file is optional and its absence is not 77b077aed3SPierre Proncheryan error: in this case B<CONF_MFLAGS_IGNORE_MISSING_FILE> would be set. 78e71b7053SJung-uk Kim 79e71b7053SJung-uk KimErrors during configuration may also be handled differently by different 80e71b7053SJung-uk Kimapplications. For example in some cases an error may simply print out a warning 81e71b7053SJung-uk Kimmessage and the application continue. In other cases an application might 82e71b7053SJung-uk Kimconsider a configuration file error as fatal and exit immediately. 83e71b7053SJung-uk Kim 84e71b7053SJung-uk KimApplications can use the CONF_modules_load() function if they wish to load a 85e71b7053SJung-uk Kimconfiguration file themselves and have finer control over how errors are 86e71b7053SJung-uk Kimtreated. 87e71b7053SJung-uk Kim 88610a21fdSJung-uk Kim=head1 RETURN VALUES 89610a21fdSJung-uk Kim 90610a21fdSJung-uk KimThese functions return 1 for success and a zero or negative value for 91610a21fdSJung-uk Kimfailure. If module errors are not ignored the return code will reflect the 92610a21fdSJung-uk Kimreturn value of the failing module (this will always be zero or negative). 93610a21fdSJung-uk Kim 94e71b7053SJung-uk Kim=head1 EXAMPLES 95e71b7053SJung-uk Kim 96e71b7053SJung-uk KimLoad a configuration file and print out any errors and exit (missing file 97e71b7053SJung-uk Kimconsidered fatal): 98e71b7053SJung-uk Kim 99b077aed3SPierre Pronchery if (CONF_modules_load_file_ex(libctx, NULL, NULL, 0) <= 0) { 100e71b7053SJung-uk Kim fprintf(stderr, "FATAL: error loading configuration file\n"); 101e71b7053SJung-uk Kim ERR_print_errors_fp(stderr); 102e71b7053SJung-uk Kim exit(1); 103e71b7053SJung-uk Kim } 104e71b7053SJung-uk Kim 105e71b7053SJung-uk KimLoad default configuration file using the section indicated by "myapp", 106e71b7053SJung-uk Kimtolerate missing files, but exit on other errors: 107e71b7053SJung-uk Kim 108b077aed3SPierre Pronchery if (CONF_modules_load_file_ex(NULL, NULL, "myapp", 109e71b7053SJung-uk Kim CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { 110e71b7053SJung-uk Kim fprintf(stderr, "FATAL: error loading configuration file\n"); 111e71b7053SJung-uk Kim ERR_print_errors_fp(stderr); 112e71b7053SJung-uk Kim exit(1); 113e71b7053SJung-uk Kim } 114e71b7053SJung-uk Kim 115e71b7053SJung-uk KimLoad custom configuration file and section, only print warnings on error, 116e71b7053SJung-uk Kimmissing configuration file ignored: 117e71b7053SJung-uk Kim 118b077aed3SPierre Pronchery if (CONF_modules_load_file_ex(NULL, "/something/app.cnf", "myapp", 119e71b7053SJung-uk Kim CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { 120e71b7053SJung-uk Kim fprintf(stderr, "WARNING: error loading configuration file\n"); 121e71b7053SJung-uk Kim ERR_print_errors_fp(stderr); 122e71b7053SJung-uk Kim } 123e71b7053SJung-uk Kim 124e71b7053SJung-uk KimLoad and parse configuration file manually, custom error handling: 125e71b7053SJung-uk Kim 126e71b7053SJung-uk Kim FILE *fp; 127e71b7053SJung-uk Kim CONF *cnf = NULL; 128e71b7053SJung-uk Kim long eline; 129e71b7053SJung-uk Kim 130e71b7053SJung-uk Kim fp = fopen("/somepath/app.cnf", "r"); 131e71b7053SJung-uk Kim if (fp == NULL) { 132e71b7053SJung-uk Kim fprintf(stderr, "Error opening configuration file\n"); 133e71b7053SJung-uk Kim /* Other missing configuration file behaviour */ 134e71b7053SJung-uk Kim } else { 135b077aed3SPierre Pronchery cnf = NCONF_new_ex(libctx, NULL); 136e71b7053SJung-uk Kim if (NCONF_load_fp(cnf, fp, &eline) == 0) { 137e71b7053SJung-uk Kim fprintf(stderr, "Error on line %ld of configuration file\n", eline); 138e71b7053SJung-uk Kim ERR_print_errors_fp(stderr); 139e71b7053SJung-uk Kim /* Other malformed configuration file behaviour */ 140e71b7053SJung-uk Kim } else if (CONF_modules_load(cnf, "appname", 0) <= 0) { 141e71b7053SJung-uk Kim fprintf(stderr, "Error configuring application\n"); 142e71b7053SJung-uk Kim ERR_print_errors_fp(stderr); 143e71b7053SJung-uk Kim /* Other configuration error behaviour */ 144e71b7053SJung-uk Kim } 145e71b7053SJung-uk Kim fclose(fp); 146e71b7053SJung-uk Kim NCONF_free(cnf); 147e71b7053SJung-uk Kim } 148e71b7053SJung-uk Kim 149e71b7053SJung-uk Kim=head1 SEE ALSO 150e71b7053SJung-uk Kim 151b077aed3SPierre ProncheryL<config(5)>, 152b077aed3SPierre ProncheryL<OPENSSL_config(3)>, 153b077aed3SPierre ProncheryL<NCONF_new_ex(3)> 154e71b7053SJung-uk Kim 155e71b7053SJung-uk Kim=head1 COPYRIGHT 156e71b7053SJung-uk Kim 157*aa795734SPierre ProncheryCopyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved. 158e71b7053SJung-uk Kim 159b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 160e71b7053SJung-uk Kimthis file except in compliance with the License. You can obtain a copy 161e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at 162e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>. 163e71b7053SJung-uk Kim 164e71b7053SJung-uk Kim=cut 165