OPENSSL_config, OPENSSL_no_config — simple OpenSSL configuration functions
OPENSSL_config(const char *config_name);
OPENSSL_config() configures OpenSSL using the standard openssl.cnf configuration
file name using config_name. If config_name is
NULL then the default name openssl_conf will
be used. Any errors are ignored. Further calls to OPENSSL_config()
will have no effect. The configuration file format is documented in
the conf(5) manual
OPENSSL_no_config() disables configuration. If called before
OPENSSL_config() no configuration takes place.
It is strongly recommended that all new
applications call OPENSSL_config() or the more sophisticated functions
such as CONF_modules_load() during initialization (that is before
starting any threads). By doing this an application does not need
to keep track of all configuration options and some new functionality
can be supported automatically.
It is also possible to automatically call OPENSSL_config()
when an application calls OPENSSL_add_all_algorithms() by compiling
an application with the preprocessor symbol OPENSSL_LOAD_CONF #define'd.
In this way configuration can be added without source changes.
The environment variable OPENSSL_CONFIG can
be set to specify the location of the configuration file. Currently
ASN1 OBJECTs and ENGINE configuration can be performed future versions
of OpenSSL will add new configuration options.
There are several reasons why calling the OpenSSL configuration
routines is advisable. For example new ENGINE functionality was
added to OpenSSL 0.9.7. In OpenSSL 0.9.7 control functions can be
supported by ENGINEs, this can be used (among other things) to load
dynamic ENGINEs from shared libraries (DSOs). However very few applications
currently support the control interface and so very few can load
and use dynamic ENGINEs. Equally in future more sophisticated ENGINEs
will require certain control operations to customize them. If an
application calls OPENSSL_config() it doesn't need to know or care
about ENGINE control operations because they can be performed by
editing a configuration file.
Applications should free up configuration at application closedown
by calling CONF_modules_free().
The OPENSSL_config() function is designed to be a very simple
"call it and forget it" function. As a result its behaviour is somewhat
limited. It ignores all errors silently and it can only load from
the standard configuration file location for example.
It is however much better than nothing.
Applications which need finer control over their configuration functionality
should use the configuration functions such as CONF_load_modules()
Neither OPENSSL_config() nor OPENSSL_no_config() return a
conf(5), CONF_load_modules_file(3), CONF_modules_free(3), CONF_modules_free(3)
OPENSSL_config() and OPENSSL_no_config() first appeared in