diff --git a/CHANGES b/CHANGES index c7997c122..91b01bc91 100644 --- a/CHANGES +++ b/CHANGES @@ -43,7 +43,19 @@ *) applies to 0.9.6a ... 0.9.6d and 0.9.7 +) applies to 0.9.7 only - +) Move default behaviour to CONF_modules_load_file(). Is appname is NULL + +) Config modules support in openssl utility. + + Most commands now load modules from the config file, + though in a few (such as version) this isn't done + because it couldn't be used for anything. + + In the case of ca and req the config file used is + the same as the utility itself: that is the -config + command line option can be used to specify an + alternative file. + [Steve Henson] + + +) Move default behaviour from OPENSSL_config(). If appname is NULL use "openssl_conf" if filename is NULL use default openssl config file. [Steve Henson] diff --git a/apps/apps.c b/apps/apps.c index 7864e792e..8c9726ebd 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1314,3 +1314,21 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug) } return e; } + +int load_config(BIO *err, CONF *cnf) + { + if (!cnf) + cnf = config; + if (!cnf) + return 1; + + OPENSSL_load_builtin_modules(); + + if (CONF_modules_load(cnf, NULL, 0) <= 0) + { + BIO_printf(err, "Error configuring OpenSSL\n"); + ERR_print_errors(err); + return 0; + } + return 1; + } diff --git a/apps/apps.h b/apps/apps.h index db75538a0..aad286212 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -196,7 +196,8 @@ extern BIO *bio_err; # define apps_shutdown() \ do { destroy_ui_method(); EVP_cleanup(); \ ENGINE_cleanup(); CRYPTO_cleanup_all_ex_data(); \ - ERR_remove_state(0); ERR_free_strings(); } while(0) + ERR_remove_state(0); ERR_free_strings(); \ + CONF_modules_unload(1); } while(0) #endif typedef struct args_st 
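Review bot: `load_config` in apps/apps.c returns 1 both when modules were loaded and when there was nothing to load (`cnf` and the global `config` both NULL), so a caller cannot tell a configured run from an unconfigured one, and no comment states that contract. If a deployment relies on a config module being active, this path carries on without it and without any message. I would add a header comment such as `/* Load config modules from cnf, or from the global config when cnf is NULL. Returns 1 on success or when no config is available, 0 after printing the error to err. */`. Separately, `err` is handed to `BIO_printf` and `ERR_print_errors` unchecked, and several callers in this commit can arrive with `bio_err` still NULL when `BIO_new(BIO_s_file())` fails.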
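Review bot: In apps/apps.h, `CONF_modules_unload(1)` is appended after `EVP_cleanup()`, `ENGINE_cleanup()`, `CRYPTO_cleanup_all_ex_data()` and `ERR_free_strings()`, so any module finish handler it triggers runs against state that has already been torn down. Whether a handler actually touches engines or the error queue is not visible here, but unloading modules first is the safer order: `do { CONF_modules_unload(1); destroy_ui_method(); EVP_cleanup(); \`. The trailing `#endif` suggests the macro sits in a conditional block; if another `apps_shutdown` variant exists above the hunk, it would need the same call.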
@@ -244,6 +245,8 @@ STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath); ENGINE *setup_engine(BIO *err, const char *engine, int debug); +int load_config(BIO *err, CONF *cnf); + /* Functions defined in ca.c and also used in ocsp.c */ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, char *str); diff --git a/apps/asn1pars.c b/apps/asn1pars.c index 4918bcb1c..0e6167d2d 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -103,6 +103,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + prog=argv[0]; argc--; argv++; diff --git a/apps/ca.c b/apps/ca.c index 3417e328d..182c29e8c 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -590,6 +590,9 @@ bad: goto err; } + if (!load_config(bio_err, conf)) + goto err; + /* Lets get the config section we are using */ if (section == NULL) { diff --git a/apps/crl.c b/apps/crl.c index 5ea59d016..f25b1877b 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -120,6 +120,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + if (bio_out == NULL) if ((bio_out=BIO_new(BIO_s_file())) != NULL) { diff --git a/apps/dgst.c b/apps/dgst.c index 7989a1dcd..c3e37be41 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -112,6 +112,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + /* first check the program name */ program_name(argv[0],pname,PROG_NAME_SIZE); diff --git a/apps/dh.c b/apps/dh.c index dc854264f..27c3dc8df 100644 --- a/apps/dh.c +++ b/apps/dh.c 
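Review bot: The `goto end` added to apps/asn1pars.c is taken before option parsing and before the locals assigned just below it, so the cleanup under `end:` (outside the hunk) must be safe with every variable in its declared state and must leave a failing exit status; neither can be confirmed from these lines. The same early jump is added in crl.c, dgst.c, dh.c, dhparam.c, dsa.c, dsaparam.c, ecdsa.c, ecdsaparam.c, enc.c, engine.c, gendh.c, gendsa.c, pkcs12.c, rsa.c, s_client.c, s_server.c and speed.c, and as `goto err` in genrsa.c, passwd.c and rand.c. It also means a broken module section in the config file makes each of these commands fail before it can print its usage text. A short comment at the call, for example `/* config modules are loaded first; a failure here exits before option parsing */`, would record that ordering decision.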
@@ -100,6 +100,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + engine=NULL; infile=NULL; outfile=NULL; diff --git a/apps/dhparam.c b/apps/dhparam.c index e55d0ce0c..f1664a59b 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -166,6 +166,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + infile=NULL; outfile=NULL; informat=FORMAT_PEM; diff --git a/apps/dsa.c b/apps/dsa.c index 9d10a7c86..9da1a4164 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -109,6 +109,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + engine=NULL; infile=NULL; outfile=NULL; diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 84a5ac628..d54c77d93 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -106,6 +106,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + infile=NULL; outfile=NULL; informat=FORMAT_PEM; diff --git a/apps/ecdsa.c b/apps/ecdsa.c index 80cbdb2e4..8f15ee2f1 100644 --- a/apps/ecdsa.c +++ b/apps/ecdsa.c @@ -177,6 +177,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + engine = NULL; infile = NULL; outfile = NULL; diff --git a/apps/ecdsaparam.c b/apps/ecdsaparam.c index 9e9c1cb7c..8594d8f8e 100644 --- a/apps/ecdsaparam.c +++ b/apps/ecdsaparam.c 
@@ -178,6 +178,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + infile=NULL; outfile=NULL; informat=FORMAT_PEM; diff --git a/apps/enc.c b/apps/enc.c index a8b33874b..d01060f22 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -127,6 +127,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + /* first check the program name */ program_name(argv[0],pname,PROG_NAME_SIZE); if (strcmp(pname,"base64") == 0) diff --git a/apps/engine.c b/apps/engine.c index f71076b13..734ecb3e5 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -356,6 +356,9 @@ int MAIN(int argc, char **argv) if (bio_err == NULL) bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + + if (!load_config(bio_err, NULL)) + goto end; bio_out=BIO_new_fp(stdout,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { diff --git a/apps/gendh.c b/apps/gendh.c index 83cbff912..f2542960b 100644 --- a/apps/gendh.c +++ b/apps/gendh.c @@ -96,6 +96,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + argv++; argc--; for (;;) diff --git a/apps/gendsa.c b/apps/gendsa.c index ebee7f026..1e1e9f3e4 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -93,6 +93,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + argv++; argc--; for (;;) diff --git a/apps/genrsa.c b/apps/genrsa.c index 5a58235e0..515bd7c90 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c 
@@ -99,6 +99,9 @@ int MAIN(int argc, char **argv) if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + if (!load_config(bio_err, NULL)) + goto err; if ((out=BIO_new(BIO_s_file())) == NULL) { BIO_printf(bio_err,"unable to create BIO for output\n"); diff --git a/apps/ocsp.c b/apps/ocsp.c index 66460391f..c87edbc44 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -145,6 +145,9 @@ int MAIN(int argc, char **argv) int nmin = 0, ndays = -1; if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + + if (!load_config(bio_err, NULL)) + goto end; SSL_load_error_strings(); args = argv + 1; reqnames = sk_new_null(); diff --git a/apps/passwd.c b/apps/passwd.c index d3fa228bd..2023b76f5 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -79,6 +79,9 @@ int MAIN(int argc, char **argv) if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + if (!load_config(bio_err, NULL)) + goto err; out = BIO_new(BIO_s_file()); if (out == NULL) goto err; diff --git a/apps/pkcs12.c b/apps/pkcs12.c index a42421803..6a23b64f5 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -127,6 +127,9 @@ int MAIN(int argc, char **argv) enc = EVP_des_ede3_cbc(); if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); + if (!load_config(bio_err, NULL)) + goto end; + args = argv + 1; diff --git a/apps/pkcs8.c b/apps/pkcs8.c index c0becce90..ea8c04dff 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -90,6 +90,9 @@ int MAIN(int argc, char **argv) if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); + if (!load_config(bio_err, NULL)) + goto end; + informat=FORMAT_PEM; outformat=FORMAT_PEM; @@ -347,6 +350,7 @@ int MAIN(int argc, char **argv) return (1); } + end: EVP_PKEY_free(pkey); BIO_free_all(out); BIO_free(in); diff --git a/apps/rand.c b/apps/rand.c index 68622165e..f51f5bec3 100644 --- a/apps/rand.c +++ b/apps/rand.c 
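Review bot: In apps/ocsp.c, `load_config` is called before `SSL_load_error_strings()`, and in apps/rsautl.c before `ERR_load_crypto_strings()` and `OpenSSL_add_all_algorithms()`, so a configuration failure may be printed by `ERR_print_errors` as bare numeric codes unless the strings were already loaded elsewhere (not visible in either hunk). Moving the call below those initialisers keeps the diagnostic readable: `SSL_load_error_strings();` followed by `if (!load_config(bio_err, NULL)) goto end;`. The jump in ocsp.c also precedes `reqnames = sk_new_null();`, so the code at `end:` has to tolerate that stack never having been created.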
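Review bot: The new `end:` label in apps/pkcs8.c drops into the existing cleanup (`EVP_PKEY_free(pkey); BIO_free_all(out); BIO_free(in);`), so the exit status after a failed `load_config` is whatever the return following that cleanup yields, and that statement is outside the hunk. If it is an unconditional success return, a configuration failure would exit 0 and a calling script would not notice. Carrying a status to the label, e.g. `ret = 1;` before `goto end;` and `return ret;` at the bottom, would make the failure visible. The label also assumes `pkey`, `out` and `in` are initialised at declaration, since the jump happens before any of them is assigned in the visible lines.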
@@ -92,6 +92,9 @@ int MAIN(int argc, char **argv) if ((bio_err = BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto err; + badopt = 0; i = 0; while (!badopt && argv[++i] != NULL) diff --git a/apps/req.c b/apps/req.c index 27a7bba10..a6daf6287 100644 --- a/apps/req.c +++ b/apps/req.c @@ -560,6 +560,8 @@ bad: if (req_conf != NULL) { + if (!load_config(bio_err, req_conf)) + goto end; p=NCONF_get_string(req_conf,NULL,"oid_file"); if (p == NULL) ERR_clear_error(); diff --git a/apps/rsa.c b/apps/rsa.c index 6cadcb217..60a338152 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -113,6 +113,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + infile=NULL; outfile=NULL; informat=FORMAT_PEM; diff --git a/apps/rsautl.c b/apps/rsautl.c index e079dc87f..9b02e6782 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -104,6 +104,9 @@ int MAIN(int argc, char **argv) argv++; if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + + if (!load_config(bio_err, NULL)) + goto end; ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); pad = RSA_PKCS1_PADDING; diff --git a/apps/s_client.c b/apps/s_client.c index 15a63cc9e..9c0dbc2bf 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -271,6 +271,9 @@ int MAIN(int argc, char **argv) if (bio_err == NULL) bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + if (!load_config(bio_err, NULL)) + goto end; + if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) || ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) || ((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL)) diff --git a/apps/s_server.c b/apps/s_server.c index 078e220c0..65525572e 100644 --- a/apps/s_server.c +++ b/apps/s_server.c 
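Review bot: In apps/req.c the call sits inside `if (req_conf != NULL)`, so when no request config is loaded the modules are skipped entirely, whereas `load_config(bio_err, NULL)` in the other commands falls back to the global `config`. If that difference is intended it deserves a comment; otherwise calling `load_config(bio_err, req_conf)` ahead of the `if` gives the same fallback, because `load_config` already treats a NULL `cnf` that way. Since the CHANGES entry says the `-config` file is the one used for `ca` and `req`, that file now also decides which modules get loaded, which is worth a comment such as `/* modules are taken from the same file as the request settings */`.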
@@ -504,6 +504,9 @@ int MAIN(int argc, char *argv[]) if (bio_err == NULL) bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + if (!load_config(bio_err, NULL)) + goto end; + verify_depth=0; #ifdef FIONBIO s_nbio=0; diff --git a/apps/smime.c b/apps/smime.c index 731f9dd5d..cd750e32b 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -109,6 +109,9 @@ int MAIN(int argc, char **argv) args = argv + 1; ret = 1; + if (!load_config(bio_err, NULL)) + goto end; + while (!badarg && *args && *args[0] == '-') { if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT; else if (!strcmp (*args, "-decrypt")) operation = SMIME_DECRYPT; diff --git a/apps/speed.c b/apps/speed.c index 5e5366802..1c2b4eeda 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -515,6 +515,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + #ifndef OPENSSL_NO_RSA memset(rsa_key,0,sizeof(rsa_key)); for (i=0; i= 0; i--) {
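Review bot: Unlike the other commands touched by this commit, the context above the call in apps/smime.c shows no `bio_err` initialisation, only `args = argv + 1; ret = 1;`. If `bio_err` can still be NULL at this point, `load_config` would hand a NULL BIO to `BIO_printf` and `ERR_print_errors` on its failure path. The start of MAIN is outside the hunk, so this needs checking there; if the setup is missing, add `if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);` before the call.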