1*b077aed3SPierre Pronchery=pod 2*b077aed3SPierre Pronchery 3*b077aed3SPierre Pronchery=head1 NAME 4*b077aed3SPierre Pronchery 5*b077aed3SPierre Proncheryopenssl-env - OpenSSL environment variables 6*b077aed3SPierre Pronchery 7*b077aed3SPierre Pronchery=head1 DESCRIPTION 8*b077aed3SPierre Pronchery 9*b077aed3SPierre ProncheryThe OpenSSL libraries use environment variables to override the 10*b077aed3SPierre Proncherycompiled-in default paths for various data. 11*b077aed3SPierre ProncheryTo avoid security risks, the environment is usually not consulted when 12*b077aed3SPierre Proncherythe executable is set-user-ID or set-group-ID. 13*b077aed3SPierre Pronchery 14*b077aed3SPierre Pronchery=over 4 15*b077aed3SPierre Pronchery 16*b077aed3SPierre Pronchery=item B<CTLOG_FILE> 17*b077aed3SPierre Pronchery 18*b077aed3SPierre ProncherySpecifies the path to a certificate transparency log list. 19*b077aed3SPierre ProncherySee L<CTLOG_STORE_new(3)>. 20*b077aed3SPierre Pronchery 21*b077aed3SPierre Pronchery=item B<OPENSSL> 22*b077aed3SPierre Pronchery 23*b077aed3SPierre ProncherySpecifies the path to the B<openssl> executable. Used by 24*b077aed3SPierre Proncherythe B<rehash> script (see L<openssl-rehash(1)/Script Configuration>) 25*b077aed3SPierre Proncheryand by the B<CA.pl> script (see L<CA.pl(1)/NOTES> 26*b077aed3SPierre Pronchery 27*b077aed3SPierre Pronchery=item B<OPENSSL_CONF>, B<OPENSSL_CONF_INCLUDE> 28*b077aed3SPierre Pronchery 29*b077aed3SPierre ProncherySpecifies the path to a configuration file and the directory for 30*b077aed3SPierre Proncheryincluded files. 31*b077aed3SPierre ProncherySee L<config(5)>. 32*b077aed3SPierre Pronchery 33*b077aed3SPierre Pronchery=item B<OPENSSL_CONFIG> 34*b077aed3SPierre Pronchery 35*b077aed3SPierre ProncherySpecifies a configuration option and filename for the B<req> and B<ca> 36*b077aed3SPierre Proncherycommands invoked by the B<CA.pl> script. 37*b077aed3SPierre ProncherySee L<CA.pl(1)>. 38*b077aed3SPierre Pronchery 39*b077aed3SPierre Pronchery=item B<OPENSSL_ENGINES> 40*b077aed3SPierre Pronchery 41*b077aed3SPierre ProncherySpecifies the directory from which dynamic engines are loaded. 42*b077aed3SPierre ProncherySee L<openssl-engine(1)>. 43*b077aed3SPierre Pronchery 44*b077aed3SPierre Pronchery=item B<OPENSSL_MALLOC_FD>, B<OPENSSL_MALLOC_FAILURES> 45*b077aed3SPierre Pronchery 46*b077aed3SPierre ProncheryIf built with debugging, this allows memory allocation to fail. 47*b077aed3SPierre ProncherySee L<OPENSSL_malloc(3)>. 48*b077aed3SPierre Pronchery 49*b077aed3SPierre Pronchery=item B<OPENSSL_MODULES> 50*b077aed3SPierre Pronchery 51*b077aed3SPierre ProncherySpecifies the directory from which cryptographic providers are loaded. 52*b077aed3SPierre ProncheryEquivalently, the generic B<-provider-path> command-line option may be used. 53*b077aed3SPierre Pronchery 54*b077aed3SPierre Pronchery=item B<OPENSSL_WIN32_UTF8> 55*b077aed3SPierre Pronchery 56*b077aed3SPierre ProncheryIf set, then L<UI_OpenSSL(3)> returns UTF-8 encoded strings, rather than 57*b077aed3SPierre Proncheryones encoded in the current code page, and 58*b077aed3SPierre Proncherythe L<openssl(1)> program also transcodes the command-line parameters 59*b077aed3SPierre Proncheryfrom the current code page to UTF-8. 60*b077aed3SPierre ProncheryThis environment variable is only checked on Microsoft Windows platforms. 61*b077aed3SPierre Pronchery 62*b077aed3SPierre Pronchery=item B<RANDFILE> 63*b077aed3SPierre Pronchery 64*b077aed3SPierre ProncheryThe state file for the random number generator. 65*b077aed3SPierre ProncheryThis should not be needed in normal use. 66*b077aed3SPierre ProncherySee L<RAND_load_file(3)>. 67*b077aed3SPierre Pronchery 68*b077aed3SPierre Pronchery=item B<SSL_CERT_DIR>, B<SSL_CERT_FILE> 69*b077aed3SPierre Pronchery 70*b077aed3SPierre ProncherySpecify the default directory or file containing CA certificates. 71*b077aed3SPierre ProncherySee L<SSL_CTX_load_verify_locations(3)>. 72*b077aed3SPierre Pronchery 73*b077aed3SPierre Pronchery=item B<TSGET> 74*b077aed3SPierre Pronchery 75*b077aed3SPierre ProncheryAdditional arguments for the L<tsget(1)> command. 76*b077aed3SPierre Pronchery 77*b077aed3SPierre Pronchery=item B<OPENSSL_ia32cap>, B<OPENSSL_sparcv9cap>, B<OPENSSL_ppccap>, B<OPENSSL_armcap>, B<OPENSSL_s390xcap> 78*b077aed3SPierre Pronchery 79*b077aed3SPierre ProncheryOpenSSL supports a number of different algorithm implementations for 80*b077aed3SPierre Proncheryvarious machines and, by default, it determines which to use based on the 81*b077aed3SPierre Proncheryprocessor capabilities and run time feature enquiry. These environment 82*b077aed3SPierre Proncheryvariables can be used to exert more control over this selection process. 83*b077aed3SPierre ProncherySee L<OPENSSL_ia32cap(3)>, L<OPENSSL_s390xcap(3)>. 84*b077aed3SPierre Pronchery 85*b077aed3SPierre Pronchery=item B<NO_PROXY>, B<HTTPS_PROXY>, B<HTTP_PROXY> 86*b077aed3SPierre Pronchery 87*b077aed3SPierre ProncherySpecify a proxy hostname. 88*b077aed3SPierre ProncherySee L<OSSL_HTTP_parse_url(3)>. 89*b077aed3SPierre Pronchery 90*b077aed3SPierre Pronchery=back 91*b077aed3SPierre Pronchery 92*b077aed3SPierre Pronchery=head1 COPYRIGHT 93*b077aed3SPierre Pronchery 94*b077aed3SPierre ProncheryCopyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. 95*b077aed3SPierre Pronchery 96*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 97*b077aed3SPierre Proncherythis file except in compliance with the License. You can obtain a copy 98*b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at 99*b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>. 100*b077aed3SPierre Pronchery 101*b077aed3SPierre Pronchery=cut 102