Make OPENSSL_config truly ignore errors.

Per discussion: should not exit. Should not print to stderr.
Errors are ignored.  Updated doc to reflect that, and the fact
that this function is to be avoided.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Rich Salz 2015-01-25 21:07:20 -05:00
parent 8de24b7927
commit abdd677125
2 changed files with 6 additions and 22 deletions

@ -86,24 +86,10 @@ void OPENSSL_config(const char *config_name)
/* Need to load ENGINEs */ /* Need to load ENGINEs */
ENGINE_load_builtin_engines(); ENGINE_load_builtin_engines();
#endif #endif
/* Add others here? */
ERR_clear_error(); ERR_clear_error();
if (CONF_modules_load_file(NULL, config_name, CONF_modules_load_file(NULL, config_name,
CONF_MFLAGS_DEFAULT_SECTION | CONF_MFLAGS_DEFAULT_SECTION |
CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { CONF_MFLAGS_IGNORE_MISSING_FILE);
BIO *bio_err;
ERR_load_crypto_strings();
if ((bio_err = BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL) {
BIO_printf(bio_err, "Auto configuration failed\n");
ERR_print_errors(bio_err);
BIO_free(bio_err);
}
fprintf(stderr, "OpenSSL could not auto-configure.\n");
exit(1);
}
return;
} }
void OPENSSL_no_config() void OPENSSL_no_config()
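Review bot: The return value of CONF_modules_load_file() is now discarded without clearing the error queue afterwards, so a failed load leaves its errors queued for whatever code inspects the queue next. ERR_clear_error() is only called before the load; the removed branch was the only consumer of those errors (via ERR_print_errors). Suggest calling ERR_clear_error() again after the load, or casting the call to (void) with a comment stating that errors are intentionally dropped. Since the function returns void, a caller also has no way to learn that a malformed config file was skipped and the library is running on defaults; that deserves a comment here as well as in the doc.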

@ -17,8 +17,7 @@ OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf>
configuration file name using B<config_name>. If B<config_name> is NULL then configuration file name using B<config_name>. If B<config_name> is NULL then
the file specified in the environment variable B<OPENSSL_CONF> will be used, the file specified in the environment variable B<OPENSSL_CONF> will be used,
and if that is not set then a system default location is used. and if that is not set then a system default location is used.
In case of error, a message is printed to B<stderr> and the routine Errors are silently ignored.
exit's.
Multiple calls have no effect. Multiple calls have no effect.
OPENSSL_no_config() disables configuration. If called before OPENSSL_config() OPENSSL_no_config() disables configuration. If called before OPENSSL_config()
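Review bot: "Errors are silently ignored." documents the new behaviour but not its consequence for the caller: after OPENSSL_config() returns there is no indication whether the configuration file was parsed and applied or skipped because of an error. Suggest adding a sentence saying that an application which depends on settings in the file must not rely on this function and should load the configuration itself and check the result. It would also help to state whether the error queue is left untouched or cleared on failure, since the code change does not make that obvious.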
@ -37,10 +36,9 @@ The OPENSSL_config() function is designed to be a very simple "call it and
forget it" function. forget it" function.
It is however B<much> better than nothing. Applications which need finer It is however B<much> better than nothing. Applications which need finer
control over their configuration functionality should use the configuration control over their configuration functionality should use the configuration
functions such as CONF_modules_load() directly. functions such as CONF_modules_load() directly. This function is deprecated
and its use should be avoided.
It is B<strongly> recommended that B<all> new applications call Applications should instead call CONF_modules_load() during
CONF_modules_load() during
initialization (that is before starting any threads). initialization (that is before starting any threads).
There are several reasons why calling the OpenSSL configuration routines is There are several reasons why calling the OpenSSL configuration routines is
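Review bot: The new sentence "This function is deprecated and its use should be avoided" lands directly after the unchanged "It is however B<much> better than nothing", so the paragraph now recommends and discourages the function in consecutive sentences. Suggest rewording or dropping the "better than nothing" line. The replacement advice also names CONF_modules_load(), while the implementation in this same commit calls CONF_modules_load_file() with CONF_MFLAGS_DEFAULT_SECTION | CONF_MFLAGS_IGNORE_MISSING_FILE; pointing readers at that call and telling them to check its return value would give them an equivalent that does not hide errors.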