1=pod
2
3=head1 NAME
4
5CONF_get1_default_config_file,
6CONF_modules_load_file_ex, CONF_modules_load_file, CONF_modules_load
7- OpenSSL configuration functions
8
9=head1 SYNOPSIS
10
11 #include <openssl/conf.h>
12
13 char *CONF_get1_default_config_file(void);
14 int CONF_modules_load_file_ex(OSSL_LIB_CTX *libctx, const char *filename,
15                               const char *appname, unsigned long flags);
16 int CONF_modules_load_file(const char *filename, const char *appname,
17                            unsigned long flags);
18 int CONF_modules_load(const CONF *cnf, const char *appname,
19                       unsigned long flags);
20
21=head1 DESCRIPTION
22
23The function CONF_get1_default_config_file() determines the default
24configuration file pathname as follows.
25If the B<OPENSSL_CONF> environment variable is set its value is returned.
26Else the function returns the path obtained using
27L<X509_get_default_cert_area(3)> with the filename C<"openssl.cnf"> appended.
28The caller is responsible for freeing any string returned.
29
30The function CONF_modules_load_file_ex() configures OpenSSL using
31library context B<libctx> file B<filename> and application name B<appname>.
32If B<filename> is NULL the standard OpenSSL configuration file is used
33as determined by calling CONF_get1_default_config_file().
34If B<appname> is NULL the standard OpenSSL application name B<openssl_conf> is
35used.
36The behaviour can be customized using B<flags>. Note that, the error suppressing
37can be overridden by B<config_diagnostics> as described in L<config(5)>.
38
39CONF_modules_load_file() is the same as CONF_modules_load_file_ex() but
40has a NULL library context.
41
42CONF_modules_load() is identical to CONF_modules_load_file() except it
43reads configuration information from B<cnf>.
44
45=head1 NOTES
46
47The following B<flags> are currently recognized:
48
49If B<CONF_MFLAGS_IGNORE_ERRORS> is set errors returned by individual
50configuration modules are ignored. If not set the first module error is
51considered fatal and no further modules are loaded.
52
53Normally any modules errors will add error information to the error queue. If
54B<CONF_MFLAGS_SILENT> is set no error information is added.
55
56If B<CONF_MFLAGS_IGNORE_RETURN_CODES> is set the function unconditionally
57returns success.
58This is used by default in L<OPENSSL_init_crypto(3)> to ignore any errors in
59the default system-wide configuration file, as having all OpenSSL applications
60fail to start when there are potentially minor issues in the file is too risky.
61Applications calling B<CONF_modules_load_file_ex> explicitly should not
62generally set this flag.
63
64If B<CONF_MFLAGS_NO_DSO> is set configuration module loading from DSOs is
65disabled.
66
67B<CONF_MFLAGS_IGNORE_MISSING_FILE> if set will make CONF_load_modules_file()
68ignore missing configuration files. Normally a missing configuration file
69return an error.
70
71B<CONF_MFLAGS_DEFAULT_SECTION> if set and B<appname> is not NULL will use the
72default section pointed to by B<openssl_conf> if B<appname> does not exist.
73
74By using CONF_modules_load_file_ex() with appropriate flags an
75application can customise application configuration to best suit its needs.
76In some cases the use of a configuration file is optional and its absence is not
77an error: in this case B<CONF_MFLAGS_IGNORE_MISSING_FILE> would be set.
78
79Errors during configuration may also be handled differently by different
80applications. For example in some cases an error may simply print out a warning
81message and the application continue. In other cases an application might
82consider a configuration file error as fatal and exit immediately.
83
84Applications can use the CONF_modules_load() function if they wish to load a
85configuration file themselves and have finer control over how errors are
86treated.
87
88=head1 RETURN VALUES
89
90These functions return 1 for success and a zero or negative value for
91failure. If module errors are not ignored the return code will reflect the
92return value of the failing module (this will always be zero or negative).
93
94=head1 EXAMPLES
95
96Load a configuration file and print out any errors and exit (missing file
97considered fatal):
98
99 if (CONF_modules_load_file_ex(libctx, NULL, NULL, 0) <= 0) {
100     fprintf(stderr, "FATAL: error loading configuration file\n");
101     ERR_print_errors_fp(stderr);
102     exit(1);
103 }
104
105Load default configuration file using the section indicated by "myapp",
106tolerate missing files, but exit on other errors:
107
108 if (CONF_modules_load_file_ex(NULL, NULL, "myapp",
109                               CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
110     fprintf(stderr, "FATAL: error loading configuration file\n");
111     ERR_print_errors_fp(stderr);
112     exit(1);
113 }
114
115Load custom configuration file and section, only print warnings on error,
116missing configuration file ignored:
117
118 if (CONF_modules_load_file_ex(NULL, "/something/app.cnf", "myapp",
119                               CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
120     fprintf(stderr, "WARNING: error loading configuration file\n");
121     ERR_print_errors_fp(stderr);
122 }
123
124Load and parse configuration file manually, custom error handling:
125
126 FILE *fp;
127 CONF *cnf = NULL;
128 long eline;
129
130 fp = fopen("/somepath/app.cnf", "r");
131 if (fp == NULL) {
132     fprintf(stderr, "Error opening configuration file\n");
133     /* Other missing configuration file behaviour */
134 } else {
135     cnf = NCONF_new_ex(libctx, NULL);
136     if (NCONF_load_fp(cnf, fp, &eline) == 0) {
137         fprintf(stderr, "Error on line %ld of configuration file\n", eline);
138         ERR_print_errors_fp(stderr);
139         /* Other malformed configuration file behaviour */
140     } else if (CONF_modules_load(cnf, "appname", 0) <= 0) {
141         fprintf(stderr, "Error configuring application\n");
142         ERR_print_errors_fp(stderr);
143         /* Other configuration error behaviour */
144     }
145     fclose(fp);
146     NCONF_free(cnf);
147 }
148
149=head1 SEE ALSO
150
151L<config(5)>,
152L<OPENSSL_config(3)>,
153L<NCONF_new_ex(3)>
154
155=head1 COPYRIGHT
156
157Copyright 2004-2022 The OpenSSL Project Authors. All Rights Reserved.
158
159Licensed under the Apache License 2.0 (the "License").  You may not use
160this file except in compliance with the License.  You can obtain a copy
161in the file LICENSE in the source distribution or at
162L<https://www.openssl.org/source/license.html>.
163
164=cut
165