OpenSSL.vip

Cryptography and SSL/TLS Toolkit

NAME

CONF_modules_load_file_with_libctx, CONF_modules_load_file, CONF_modules_load - OpenSSL configuration functions

SYNOPSIS

 #include <openssl/conf.h>
 
 int CONF_modules_load_file_with_libctx(OPENSSL_CTX *libctx,
                                        const char *filename,
                                        const char *appname, unsigned long flags);
 int CONF_modules_load_file(const char *filename, const char *appname,
                            unsigned long flags);
 int CONF_modules_load(const CONF *cnf, const char *appname,
                       unsigned long flags);

DESCRIPTION

The function CONF_modules_load_file_with_libctx() configures OpenSSL using library context libctx file filename and application name appname. If filename is NULL the standard OpenSSL configuration file is used. If appname is NULL the standard OpenSSL application name openssl_conf is used. The behaviour can be customized using flags.

CONF_modules_load_file() is the same as CONF_modules_load_file_with_libctx() but has a NULL library context.

CONF_modules_load() is identical to CONF_modules_load_file() except it reads configuration information from cnf.

NOTES

The following flags are currently recognized:

If CONF_MFLAGS_IGNORE_ERRORS is set errors returned by individual configuration modules are ignored. If not set the first module error is considered fatal and no further modules are loaded.

Normally any modules errors will add error information to the error queue. If CONF_MFLAGS_SILENT is set no error information is added.

If CONF_MFLAGS_IGNORE_RETURN_CODES is set the function unconditionally returns success. This is used by default in RETURN VALUES

These functions return 1 for success and a zero or negative value for failure. If module errors are not ignored the return code will reflect the return value of the failing module (this will always be zero or negative).

EXAMPLES

Load a configuration file and print out any errors and exit (missing file considered fatal):

 if (CONF_modules_load_file_with_libctx(libctx, NULL, NULL, 0) <= 0) {
     fprintf(stderr, "FATAL: error loading configuration file\n");
     ERR_print_errors_fp(stderr);
     exit(1);
 }

Load default configuration file using the section indicated by "myapp", tolerate missing files, but exit on other errors:

 if (CONF_modules_load_file_with_libctx(NULL, NULL, "myapp",
                                        CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
     fprintf(stderr, "FATAL: error loading configuration file\n");
     ERR_print_errors_fp(stderr);
     exit(1);
 }

Load custom configuration file and section, only print warnings on error, missing configuration file ignored:

 if (CONF_modules_load_file_with_libctx(NULL, "/something/app.cnf", "myapp",
                                        CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
     fprintf(stderr, "WARNING: error loading configuration file\n");
     ERR_print_errors_fp(stderr);
 }

Load and parse configuration file manually, custom error handling:

 FILE *fp;
 CONF *cnf = NULL;
 long eline;
 
 fp = fopen("/somepath/app.cnf", "r");
 if (fp == NULL) {
     fprintf(stderr, "Error opening configuration file\n");
     /* Other missing configuration file behaviour */
 } else {
     cnf = NCONF_new_with_libctx(libctx, NULL);
     if (NCONF_load_fp(cnf, fp, &eline) == 0) {
         fprintf(stderr, "Error on line %ld of configuration file\n", eline);
         ERR_print_errors_fp(stderr);
         /* Other malformed configuration file behaviour */
     } else if (CONF_modules_load(cnf, "appname", 0) <= 0) {
         fprintf(stderr, "Error configuring application\n");
         ERR_print_errors_fp(stderr);
         /* Other configuration error behaviour */
     }
     fclose(fp);
     NCONF_free(cnf);
 }

SEE ALSO

OPENSSL_config(3), COPYRIGHT

Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

关闭