$NetBSD: SSL_CTX_config.3,v 1.9 2024/09/08 13:08:31 christos Exp $

-*- mode: troff; coding: utf-8 -*-
Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43)

Standard preamble:
========================================================================
..

..

.. \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
. ds C` "" . ds C' "" 'br\} . ds C` . ds C' 'br\}
Escape single quotes in literal strings from groff's Unicode transform.

If the F register is >0, we'll generate index entries on stderr for
titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
entries marked with X<> in POD. Of course, you'll have to process the
output yourself in some meaningful fashion.

Avoid warning from groff about undefined register 'F'.
.. .nr rF 0 . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF ========================================================================

Title "SSL_CTX_config 3" For nroff, turn off justification. Always turn off hyphenation; it makes
way too many mistakes in technical documents.
SSL_CTX_config, SSL_config - configure SSL_CTX or SSL structure Header "SYNOPSIS" .Vb 1 #include <openssl/ssl.h> \& int SSL_CTX_config(SSL_CTX *ctx, const char *name); int SSL_config(SSL *s, const char *name); .Ve Header "DESCRIPTION" The functions SSL_CTX_config() and SSL_config() configure an SSL_CTX or \fBSSL structure using the configuration name.

By calling SSL_CTX_config() or SSL_config() an application can perform many complex tasks based on the contents of the configuration file: greatly simplifying application configuration code. A degree of future proofing can also be achieved: an application can support configuration features in newer versions of OpenSSL automatically.

A configuration file must have been previously loaded, for example using \fBCONF_modules_load_file(). See config\|(5) for details of the configuration file syntax.

Header "RETURN VALUES" \fBSSL_CTX_config() and SSL_config() return 1 for success or 0 if an error occurred. Header "EXAMPLES" If the file "config.cnf" contains the following:

.Vb 1 testapp = test_sect \& [test_sect] # list of configuration modules \& ssl_conf = ssl_sect \& [ssl_sect] server = server_section \& [server_section] RSA.Certificate = server-rsa.pem ECDSA.Certificate = server-ecdsa.pem Ciphers = ALL:!RC4 .Ve

An application could call:

.Vb 4 if (CONF_modules_load_file("config.cnf", "testapp", 0) <= 0) { fprintf(stderr, "Error processing config file\en"); goto err; } \& ctx = SSL_CTX_new(TLS_server_method()); \& if (SSL_CTX_config(ctx, "server") == 0) { fprintf(stderr, "Error configuring server.\en"); goto err; } .Ve

In this example two certificates and the cipher list are configured without the need for any additional application code.

Header "SEE ALSO" \fBssl\|(7), \fBconfig\|(5), \fBSSL_CONF_cmd\|(3), \fBCONF_modules_load_file\|(3) Header "HISTORY" The SSL_CTX_config() and SSL_config() functions were added in OpenSSL 1.1.0. Header "COPYRIGHT" Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.