12  int SSL_CONF_cmd(SSL_CONF_CTX *ctx, const char *option, const char *value);
13  int SSL_CONF_cmd_value_type(SSL_CONF_CTX *ctx, const char *option);
17 The function SSL_CONF_cmd() performs configuration operation B<option> with
22 SSL_CONF_cmd_value_type() returns the type of value that B<option> refers to.
26 Currently supported B<option> names for command lines (i.e. when the
27 flag B<SSL_CONF_FLAG_CMDLINE> is set) are listed below. Note: all B<option>
51 security level is 2, so this option will have no effect without also changing
131 If this option is not set then all signature algorithms supported by all
145 option has no effect.
265 B<SSL> structure is set. This option is only supported if certificate
271 option is only supported if certificate operations are permitted. Note:
272 if no B<-key> option is set then a private key is not loaded unless the
278 the appropriate context. This option is only supported if certificate
305 Currently supported B<option> names for configuration files (i.e., when the
307 B<option> names are case insensitive so B<signaturealgorithms> is recognised
311 Note: the command prefix (if set) alters the recognised B<option> values.
334 structure is set. This option is only supported if certificate operations
340 context. This option is only supported if certificate operations
341 are permitted. Note: if no B<PrivateKey> option is set then a private key is
352 This option indicates a file containing a set of certificates in PEM form.
366 the appropriate context. This option is only supported if certificate
401 If this option is not set then all signature algorithms supported by all
416 If a server does not request a certificate this option has no effect.
504 Each option is listed below. Where an operation is enabled by default
564 option is set by default. A future version of OpenSSL may not set this by
570 second or subsequent time. This option is set by default and is only used by
602 option has no effect if B<KTLS> is not enabled. Equivalent to
603 B<SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE>. This option only applies to Linux.
604 KTLS sendfile on FreeBSD doesn't offer an option to disable zerocopy and
608 You should only enable this option if the protocol running over TLS can detect
642 set of acceptable names for client CAs. Servers only. This option is only
656 The B<option> string is unrecognised, this return value can be use to flag
673 The value string is not used e.g. a command line option which doesn't take an
696 given B<option> is recognised, this is useful if SSL_CONF_cmd() values are
706 SSL_CONF_CTX_set1_prefix(), pass the current argument to B<option> and the
711 returned then B<option> is not recognised and application specific arguments
724 SSL_CONF_cmd() returns 1 if the value of B<option> is recognised and B<value> is
725 B<NOT> used and 2 if both B<option> and B<value> are used. In other words it
729 A return value of -2 means B<option> is not recognised.
731 A return value of -3 means B<option> is recognised and the command requires a
734 A return code of 0 indicates that both B<option> and B<value> are valid but an
799 The B<SSL_OP_NO_SSL2> option doesn't have effect since 1.1.0, but the macro
810 The B<UnsafeLegacyServerConnect> option is no longer set by default from

Last Index update Fri Nov 22 14:03:13 UTC 2024

Dedicated to & Maintained by Room-11