xref: /freebsd-src/crypto/openssl/doc/man7/openssl-env.pod (revision b077aed33b7b6aefca7b17ddb250cf521f938613)
1*b077aed3SPierre Pronchery=pod
2*b077aed3SPierre Pronchery
3*b077aed3SPierre Pronchery=head1 NAME
4*b077aed3SPierre Pronchery
5*b077aed3SPierre Proncheryopenssl-env - OpenSSL environment variables
6*b077aed3SPierre Pronchery
7*b077aed3SPierre Pronchery=head1 DESCRIPTION
8*b077aed3SPierre Pronchery
9*b077aed3SPierre ProncheryThe OpenSSL libraries use environment variables to override the
10*b077aed3SPierre Proncherycompiled-in default paths for various data.
11*b077aed3SPierre ProncheryTo avoid security risks, the environment is usually not consulted when
12*b077aed3SPierre Proncherythe executable is set-user-ID or set-group-ID.
13*b077aed3SPierre Pronchery
14*b077aed3SPierre Pronchery=over 4
15*b077aed3SPierre Pronchery
16*b077aed3SPierre Pronchery=item B<CTLOG_FILE>
17*b077aed3SPierre Pronchery
18*b077aed3SPierre ProncherySpecifies the path to a certificate transparency log list.
19*b077aed3SPierre ProncherySee L<CTLOG_STORE_new(3)>.
20*b077aed3SPierre Pronchery
21*b077aed3SPierre Pronchery=item B<OPENSSL>
22*b077aed3SPierre Pronchery
23*b077aed3SPierre ProncherySpecifies the path to the B<openssl> executable. Used by
24*b077aed3SPierre Proncherythe B<rehash> script (see L<openssl-rehash(1)/Script Configuration>)
25*b077aed3SPierre Proncheryand by the B<CA.pl> script (see L<CA.pl(1)/NOTES>
26*b077aed3SPierre Pronchery
27*b077aed3SPierre Pronchery=item B<OPENSSL_CONF>, B<OPENSSL_CONF_INCLUDE>
28*b077aed3SPierre Pronchery
29*b077aed3SPierre ProncherySpecifies the path to a configuration file and the directory for
30*b077aed3SPierre Proncheryincluded files.
31*b077aed3SPierre ProncherySee L<config(5)>.
32*b077aed3SPierre Pronchery
33*b077aed3SPierre Pronchery=item B<OPENSSL_CONFIG>
34*b077aed3SPierre Pronchery
35*b077aed3SPierre ProncherySpecifies a configuration option and filename for the B<req> and B<ca>
36*b077aed3SPierre Proncherycommands invoked by the B<CA.pl> script.
37*b077aed3SPierre ProncherySee L<CA.pl(1)>.
38*b077aed3SPierre Pronchery
39*b077aed3SPierre Pronchery=item B<OPENSSL_ENGINES>
40*b077aed3SPierre Pronchery
41*b077aed3SPierre ProncherySpecifies the directory from which dynamic engines are loaded.
42*b077aed3SPierre ProncherySee L<openssl-engine(1)>.
43*b077aed3SPierre Pronchery
44*b077aed3SPierre Pronchery=item B<OPENSSL_MALLOC_FD>, B<OPENSSL_MALLOC_FAILURES>
45*b077aed3SPierre Pronchery
46*b077aed3SPierre ProncheryIf built with debugging, this allows memory allocation to fail.
47*b077aed3SPierre ProncherySee L<OPENSSL_malloc(3)>.
48*b077aed3SPierre Pronchery
49*b077aed3SPierre Pronchery=item B<OPENSSL_MODULES>
50*b077aed3SPierre Pronchery
51*b077aed3SPierre ProncherySpecifies the directory from which cryptographic providers are loaded.
52*b077aed3SPierre ProncheryEquivalently, the generic B<-provider-path> command-line option may be used.
53*b077aed3SPierre Pronchery
54*b077aed3SPierre Pronchery=item B<OPENSSL_WIN32_UTF8>
55*b077aed3SPierre Pronchery
56*b077aed3SPierre ProncheryIf set, then L<UI_OpenSSL(3)> returns UTF-8 encoded strings, rather than
57*b077aed3SPierre Proncheryones encoded in the current code page, and
58*b077aed3SPierre Proncherythe L<openssl(1)> program also transcodes the command-line parameters
59*b077aed3SPierre Proncheryfrom the current code page to UTF-8.
60*b077aed3SPierre ProncheryThis environment variable is only checked on Microsoft Windows platforms.
61*b077aed3SPierre Pronchery
62*b077aed3SPierre Pronchery=item B<RANDFILE>
63*b077aed3SPierre Pronchery
64*b077aed3SPierre ProncheryThe state file for the random number generator.
65*b077aed3SPierre ProncheryThis should not be needed in normal use.
66*b077aed3SPierre ProncherySee L<RAND_load_file(3)>.
67*b077aed3SPierre Pronchery
68*b077aed3SPierre Pronchery=item B<SSL_CERT_DIR>, B<SSL_CERT_FILE>
69*b077aed3SPierre Pronchery
70*b077aed3SPierre ProncherySpecify the default directory or file containing CA certificates.
71*b077aed3SPierre ProncherySee L<SSL_CTX_load_verify_locations(3)>.
72*b077aed3SPierre Pronchery
73*b077aed3SPierre Pronchery=item B<TSGET>
74*b077aed3SPierre Pronchery
75*b077aed3SPierre ProncheryAdditional arguments for the L<tsget(1)> command.
76*b077aed3SPierre Pronchery
77*b077aed3SPierre Pronchery=item B<OPENSSL_ia32cap>, B<OPENSSL_sparcv9cap>, B<OPENSSL_ppccap>, B<OPENSSL_armcap>, B<OPENSSL_s390xcap>
78*b077aed3SPierre Pronchery
79*b077aed3SPierre ProncheryOpenSSL supports a number of different algorithm implementations for
80*b077aed3SPierre Proncheryvarious machines and, by default, it determines which to use based on the
81*b077aed3SPierre Proncheryprocessor capabilities and run time feature enquiry.  These environment
82*b077aed3SPierre Proncheryvariables can be used to exert more control over this selection process.
83*b077aed3SPierre ProncherySee L<OPENSSL_ia32cap(3)>, L<OPENSSL_s390xcap(3)>.
84*b077aed3SPierre Pronchery
85*b077aed3SPierre Pronchery=item B<NO_PROXY>, B<HTTPS_PROXY>, B<HTTP_PROXY>
86*b077aed3SPierre Pronchery
87*b077aed3SPierre ProncherySpecify a proxy hostname.
88*b077aed3SPierre ProncherySee L<OSSL_HTTP_parse_url(3)>.
89*b077aed3SPierre Pronchery
90*b077aed3SPierre Pronchery=back
91*b077aed3SPierre Pronchery
92*b077aed3SPierre Pronchery=head1 COPYRIGHT
93*b077aed3SPierre Pronchery
94*b077aed3SPierre ProncheryCopyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
95*b077aed3SPierre Pronchery
96*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License").  You may not use
97*b077aed3SPierre Proncherythis file except in compliance with the License.  You can obtain a copy
98*b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at
99*b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>.
100*b077aed3SPierre Pronchery
101*b077aed3SPierre Pronchery=cut
102