Make OPENSSL_config truly ignore errors.
Per discussion: should not exit. Should not print to stderr. Errors are ignored. Updated doc to reflect that, and the fact that this function is to be avoided.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(cherry picked from commit abdd677125f3a9e3082f8c5692203590fdb9b860)
parent 63c1d16bb8
commit 6d09851694
@ -86,23 +86,10 @@ void OPENSSL_config(const char *config_name)
|
|||||||
/* Need to load ENGINEs */
|
/* Need to load ENGINEs */
|
||||||
ENGINE_load_builtin_engines();
|
ENGINE_load_builtin_engines();
|
||||||
#endif
|
#endif
|
||||||
/* Add others here? */
|
|
||||||
|
|
||||||
ERR_clear_error();
|
ERR_clear_error();
|
||||||
if (CONF_modules_load_file(NULL, config_name,
|
CONF_modules_load_file(NULL, config_name,
|
||||||
CONF_MFLAGS_DEFAULT_SECTION |
|
CONF_MFLAGS_DEFAULT_SECTION |
|
||||||
CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
|
CONF_MFLAGS_IGNORE_MISSING_FILE);
|
||||||
BIO *bio_err;
|
|
||||||
ERR_load_crypto_strings();
|
|
||||||
if ((bio_err = BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL) {
|
|
||||||
BIO_printf(bio_err, "Auto configuration failed\n");
|
|
||||||
ERR_print_errors(bio_err);
|
|
||||||
BIO_free(bio_err);
|
|
||||||
}
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void OPENSSL_no_config()
|
void OPENSSL_no_config()
|
||||||
|
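Review bot: after the now unchecked CONF_modules_load_file() call nothing clears the error queue, because ERR_clear_error() runs only before it; a failed load can leave its error entries queued for whichever later caller next inspects the queue. Suggest a second ERR_clear_error() after the call, plus an explicit (void) cast on the call so the ignored return value reads as intentional. With exit(1) removed and the function returning void, a caller has no signal that configuration (for example ENGINE setup) did not load, so code that depends on the configuration being applied should not rely on this function.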
@ -15,31 +15,24 @@ OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions
|
|||||||
|
|
||||||
OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf>
|
OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf>
|
||||||
configuration file name using B<config_name>. If B<config_name> is NULL then
|
configuration file name using B<config_name>. If B<config_name> is NULL then
|
||||||
the default name B<openssl_conf> will be used. Any errors are ignored. Further
|
the file specified in the environment variable B<OPENSSL_CONF> will be used,
|
||||||
calls to OPENSSL_config() will have no effect. The configuration file format
|
and if that is not set then a system default location is used.
|
||||||
is documented in the L<conf(5)|conf(5)> manual page.
|
Errors are silently ignored.
|
||||||
|
Multiple calls have no effect.
|
||||||
|
|
||||||
OPENSSL_no_config() disables configuration. If called before OPENSSL_config()
|
OPENSSL_no_config() disables configuration. If called before OPENSSL_config()
|
||||||
no configuration takes place.
|
no configuration takes place.
|
||||||
|
|
||||||
=head1 NOTES
|
=head1 NOTES
|
||||||
|
|
||||||
It is B<strongly> recommended that B<all> new applications call OPENSSL_config()
|
The OPENSSL_config() function is designed to be a very simple "call it and
|
||||||
or the more sophisticated functions such as CONF_modules_load() during
|
forget it" function.
|
||||||
initialization (that is before starting any threads). By doing this
|
It is however B<much> better than nothing. Applications which need finer
|
||||||
an application does not need to keep track of all configuration options
|
control over their configuration functionality should use the configuration
|
||||||
and some new functionality can be supported automatically.
|
functions such as CONF_modules_load() directly. This function is deprecated
|
||||||
|
and its use should be avoided.
|
||||||
It is also possible to automatically call OPENSSL_config() when an application
|
Applications should instead call CONF_modules_load() during
|
||||||
calls OPENSSL_add_all_algorithms() by compiling an application with the
|
initialization (that is before starting any threads).
|
||||||
preprocessor symbol B<OPENSSL_LOAD_CONF> #define'd. In this way configuration
|
|
||||||
can be added without source changes.
|
|
||||||
|
|
||||||
The environment variable B<OPENSSL_CONF> can be set to specify the location
|
|
||||||
of the configuration file.
|
|
||||||
|
|
||||||
Currently ASN1 OBJECTs and ENGINE configuration can be performed future
|
|
||||||
versions of OpenSSL will add new configuration options.
|
|
||||||
|
|
||||||
There are several reasons why calling the OpenSSL configuration routines is
|
There are several reasons why calling the OpenSSL configuration routines is
|
||||||
advisable. For example new ENGINE functionality was added to OpenSSL 0.9.7.
|
advisable. For example new ENGINE functionality was added to OpenSSL 0.9.7.
|
||||||
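Review bot: the rewritten first paragraph reads as though B<config_name> selects the configuration file, and it drops what a NULL B<config_name> means; the code passes NULL as the file argument and config_name as the second argument of CONF_modules_load_file(), and the old text said the default name B<openssl_conf> is used. Suggest keeping the sentence about the default name and describing the file lookup (B<OPENSSL_CONF>, then the system default) as a separate statement. In NOTES, "It is however B<much> better than nothing" now follows directly after the "call it and forget it" sentence with nothing for "however" to contrast with, and it sits two sentences before "This function is deprecated and its use should be avoided"; put the deprecation first and drop or reword the "better than nothing" sentence. The advice to call CONF_modules_load() also appears twice in the new NOTES text.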
@ -55,17 +48,6 @@ configuration file.
|
|||||||
Applications should free up configuration at application closedown by calling
|
Applications should free up configuration at application closedown by calling
|
||||||
CONF_modules_free().
|
CONF_modules_free().
|
||||||
|
|
||||||
=head1 RESTRICTIONS
|
|
||||||
|
|
||||||
The OPENSSL_config() function is designed to be a very simple "call it and
|
|
||||||
forget it" function. As a result its behaviour is somewhat limited. It ignores
|
|
||||||
all errors silently and it can only load from the standard configuration file
|
|
||||||
location for example.
|
|
||||||
|
|
||||||
It is however B<much> better than nothing. Applications which need finer
|
|
||||||
control over their configuration functionality should use the configuration
|
|
||||||
functions such as CONF_load_modules() directly.
|
|
||||||
|
|
||||||
=head1 RETURN VALUES
|
=head1 RETURN VALUES
|
||||||
|
|
||||||
Neither OPENSSL_config() nor OPENSSL_no_config() return a value.
|
Neither OPENSSL_config() nor OPENSSL_no_config() return a value.
|
||||||
|
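Review bot: removing RESTRICTIONS drops the statement that OPENSSL_config() "can only load from the standard configuration file location"; the sentences moved into NOTES carry over "call it and forget it" and "better than nothing" but not this limitation. Suggest keeping it in NOTES. Since errors are now ignored unconditionally, RETURN VALUES could also state that a failed configuration load cannot be detected through these functions, which is the practical reason to prefer CONF_modules_load().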