1*e71b7053SJung-uk Kim=pod 2*e71b7053SJung-uk Kim 3*e71b7053SJung-uk Kim=head1 NAME 4*e71b7053SJung-uk Kim 5*e71b7053SJung-uk KimCONF_modules_load_file, CONF_modules_load - OpenSSL configuration functions 6*e71b7053SJung-uk Kim 7*e71b7053SJung-uk Kim=head1 SYNOPSIS 8*e71b7053SJung-uk Kim 9*e71b7053SJung-uk Kim #include <openssl/conf.h> 10*e71b7053SJung-uk Kim 11*e71b7053SJung-uk Kim int CONF_modules_load_file(const char *filename, const char *appname, 12*e71b7053SJung-uk Kim unsigned long flags); 13*e71b7053SJung-uk Kim int CONF_modules_load(const CONF *cnf, const char *appname, 14*e71b7053SJung-uk Kim unsigned long flags); 15*e71b7053SJung-uk Kim 16*e71b7053SJung-uk Kim=head1 DESCRIPTION 17*e71b7053SJung-uk Kim 18*e71b7053SJung-uk KimThe function CONF_modules_load_file() configures OpenSSL using file 19*e71b7053SJung-uk KimB<filename> and application name B<appname>. If B<filename> is NULL 20*e71b7053SJung-uk Kimthe standard OpenSSL configuration file is used. If B<appname> is 21*e71b7053SJung-uk KimNULL the standard OpenSSL application name B<openssl_conf> is used. 22*e71b7053SJung-uk KimThe behaviour can be customized using B<flags>. 23*e71b7053SJung-uk Kim 24*e71b7053SJung-uk KimCONF_modules_load() is identical to CONF_modules_load_file() except it 25*e71b7053SJung-uk Kimreads configuration information from B<cnf>. 26*e71b7053SJung-uk Kim 27*e71b7053SJung-uk Kim=head1 NOTES 28*e71b7053SJung-uk Kim 29*e71b7053SJung-uk KimThe following B<flags> are currently recognized: 30*e71b7053SJung-uk Kim 31*e71b7053SJung-uk KimB<CONF_MFLAGS_IGNORE_ERRORS> if set errors returned by individual 32*e71b7053SJung-uk Kimconfiguration modules are ignored. If not set the first module error is 33*e71b7053SJung-uk Kimconsidered fatal and no further modules are loaded. 34*e71b7053SJung-uk Kim 35*e71b7053SJung-uk KimNormally any modules errors will add error information to the error queue. If 36*e71b7053SJung-uk KimB<CONF_MFLAGS_SILENT> is set no error information is added. 37*e71b7053SJung-uk Kim 38*e71b7053SJung-uk KimIf B<CONF_MFLAGS_NO_DSO> is set configuration module loading from DSOs is 39*e71b7053SJung-uk Kimdisabled. 40*e71b7053SJung-uk Kim 41*e71b7053SJung-uk KimB<CONF_MFLAGS_IGNORE_MISSING_FILE> if set will make CONF_load_modules_file() 42*e71b7053SJung-uk Kimignore missing configuration files. Normally a missing configuration file 43*e71b7053SJung-uk Kimreturn an error. 44*e71b7053SJung-uk Kim 45*e71b7053SJung-uk KimB<CONF_MFLAGS_DEFAULT_SECTION> if set and B<appname> is not NULL will use the 46*e71b7053SJung-uk Kimdefault section pointed to by B<openssl_conf> if B<appname> does not exist. 47*e71b7053SJung-uk Kim 48*e71b7053SJung-uk KimBy using CONF_modules_load_file() with appropriate flags an application can 49*e71b7053SJung-uk Kimcustomise application configuration to best suit its needs. In some cases the 50*e71b7053SJung-uk Kimuse of a configuration file is optional and its absence is not an error: in 51*e71b7053SJung-uk Kimthis case B<CONF_MFLAGS_IGNORE_MISSING_FILE> would be set. 52*e71b7053SJung-uk Kim 53*e71b7053SJung-uk KimErrors during configuration may also be handled differently by different 54*e71b7053SJung-uk Kimapplications. For example in some cases an error may simply print out a warning 55*e71b7053SJung-uk Kimmessage and the application continue. In other cases an application might 56*e71b7053SJung-uk Kimconsider a configuration file error as fatal and exit immediately. 57*e71b7053SJung-uk Kim 58*e71b7053SJung-uk KimApplications can use the CONF_modules_load() function if they wish to load a 59*e71b7053SJung-uk Kimconfiguration file themselves and have finer control over how errors are 60*e71b7053SJung-uk Kimtreated. 61*e71b7053SJung-uk Kim 62*e71b7053SJung-uk Kim=head1 EXAMPLES 63*e71b7053SJung-uk Kim 64*e71b7053SJung-uk KimLoad a configuration file and print out any errors and exit (missing file 65*e71b7053SJung-uk Kimconsidered fatal): 66*e71b7053SJung-uk Kim 67*e71b7053SJung-uk Kim if (CONF_modules_load_file(NULL, NULL, 0) <= 0) { 68*e71b7053SJung-uk Kim fprintf(stderr, "FATAL: error loading configuration file\n"); 69*e71b7053SJung-uk Kim ERR_print_errors_fp(stderr); 70*e71b7053SJung-uk Kim exit(1); 71*e71b7053SJung-uk Kim } 72*e71b7053SJung-uk Kim 73*e71b7053SJung-uk KimLoad default configuration file using the section indicated by "myapp", 74*e71b7053SJung-uk Kimtolerate missing files, but exit on other errors: 75*e71b7053SJung-uk Kim 76*e71b7053SJung-uk Kim if (CONF_modules_load_file(NULL, "myapp", 77*e71b7053SJung-uk Kim CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { 78*e71b7053SJung-uk Kim fprintf(stderr, "FATAL: error loading configuration file\n"); 79*e71b7053SJung-uk Kim ERR_print_errors_fp(stderr); 80*e71b7053SJung-uk Kim exit(1); 81*e71b7053SJung-uk Kim } 82*e71b7053SJung-uk Kim 83*e71b7053SJung-uk KimLoad custom configuration file and section, only print warnings on error, 84*e71b7053SJung-uk Kimmissing configuration file ignored: 85*e71b7053SJung-uk Kim 86*e71b7053SJung-uk Kim if (CONF_modules_load_file("/something/app.cnf", "myapp", 87*e71b7053SJung-uk Kim CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { 88*e71b7053SJung-uk Kim fprintf(stderr, "WARNING: error loading configuration file\n"); 89*e71b7053SJung-uk Kim ERR_print_errors_fp(stderr); 90*e71b7053SJung-uk Kim } 91*e71b7053SJung-uk Kim 92*e71b7053SJung-uk KimLoad and parse configuration file manually, custom error handling: 93*e71b7053SJung-uk Kim 94*e71b7053SJung-uk Kim FILE *fp; 95*e71b7053SJung-uk Kim CONF *cnf = NULL; 96*e71b7053SJung-uk Kim long eline; 97*e71b7053SJung-uk Kim 98*e71b7053SJung-uk Kim fp = fopen("/somepath/app.cnf", "r"); 99*e71b7053SJung-uk Kim if (fp == NULL) { 100*e71b7053SJung-uk Kim fprintf(stderr, "Error opening configuration file\n"); 101*e71b7053SJung-uk Kim /* Other missing configuration file behaviour */ 102*e71b7053SJung-uk Kim } else { 103*e71b7053SJung-uk Kim cnf = NCONF_new(NULL); 104*e71b7053SJung-uk Kim if (NCONF_load_fp(cnf, fp, &eline) == 0) { 105*e71b7053SJung-uk Kim fprintf(stderr, "Error on line %ld of configuration file\n", eline); 106*e71b7053SJung-uk Kim ERR_print_errors_fp(stderr); 107*e71b7053SJung-uk Kim /* Other malformed configuration file behaviour */ 108*e71b7053SJung-uk Kim } else if (CONF_modules_load(cnf, "appname", 0) <= 0) { 109*e71b7053SJung-uk Kim fprintf(stderr, "Error configuring application\n"); 110*e71b7053SJung-uk Kim ERR_print_errors_fp(stderr); 111*e71b7053SJung-uk Kim /* Other configuration error behaviour */ 112*e71b7053SJung-uk Kim } 113*e71b7053SJung-uk Kim fclose(fp); 114*e71b7053SJung-uk Kim NCONF_free(cnf); 115*e71b7053SJung-uk Kim } 116*e71b7053SJung-uk Kim 117*e71b7053SJung-uk Kim=head1 RETURN VALUES 118*e71b7053SJung-uk Kim 119*e71b7053SJung-uk KimThese functions return 1 for success and a zero or negative value for 120*e71b7053SJung-uk Kimfailure. If module errors are not ignored the return code will reflect the 121*e71b7053SJung-uk Kimreturn value of the failing module (this will always be zero or negative). 122*e71b7053SJung-uk Kim 123*e71b7053SJung-uk Kim=head1 SEE ALSO 124*e71b7053SJung-uk Kim 125*e71b7053SJung-uk KimL<config(5)>, L<OPENSSL_config(3)> 126*e71b7053SJung-uk Kim 127*e71b7053SJung-uk Kim=head1 COPYRIGHT 128*e71b7053SJung-uk Kim 129*e71b7053SJung-uk KimCopyright 2004-2017 The OpenSSL Project Authors. All Rights Reserved. 130*e71b7053SJung-uk Kim 131*e71b7053SJung-uk KimLicensed under the OpenSSL license (the "License"). You may not use 132*e71b7053SJung-uk Kimthis file except in compliance with the License. You can obtain a copy 133*e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at 134*e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>. 135*e71b7053SJung-uk Kim 136*e71b7053SJung-uk Kim=cut 137