Commit abdd6771 authored by Rich Salz

Make OPENSSL_config truly ignore errors.



Per discussion: should not exit. Should not print to stderr.
Errors are ignored.  Updated doc to reflect that, and the fact
that this function is to be avoided.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
parent 8de24b79
+2 −16
@@ -86,24 +86,10 @@ void OPENSSL_config(const char *config_name)
    /* Need to load ENGINEs */
    ENGINE_load_builtin_engines();
#endif
    /* Add others here? */

    ERR_clear_error();
    if (CONF_modules_load_file(NULL, config_name,
    CONF_modules_load_file(NULL, config_name,
                               CONF_MFLAGS_DEFAULT_SECTION |
                               CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
        BIO *bio_err;
        ERR_load_crypto_strings();
        if ((bio_err = BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL) {
            BIO_printf(bio_err, "Auto configuration failed\n");
            ERR_print_errors(bio_err);
            BIO_free(bio_err);
        }
        fprintf(stderr, "OpenSSL could not auto-configure.\n");
        exit(1);
    }

    return;
                               CONF_MFLAGS_IGNORE_MISSING_FILE);
}

void OPENSSL_no_config()
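
Review bot: At the now-unchecked CONF_modules_load_file() call, ERR_clear_error() runs only before the load, so a failed load leaves its entries on the error queue (the removed branch printed them with ERR_print_errors()), where later code that inspects the queue can mistake them for its own failure. If errors are meant to be truly ignored, add a second ERR_clear_error() after the call, and cast the result to (void) so the discarded return value reads as intentional. The continuation lines are also still indented for the removed "if (" and should be realigned under the first argument.
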
+4 −6
@@ -17,8 +17,7 @@ OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf>
configuration file name using B<config_name>. If B<config_name> is NULL then
the file specified in the environment variable B<OPENSSL_CONF> will be used,
and if that is not set then a system default location is used.
In case of error, a message is printed to B<stderr> and the routine
exit's.
Errors are silently ignored.
Multiple calls have no effect.

OPENSSL_no_config() disables configuration. If called before OPENSSL_config()
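
Review bot: The new sentence "Errors are silently ignored." does not say what that means for the caller: OPENSSL_config() returns void, so after this change there is no way to learn that the configuration file was malformed and that its settings were not applied. State that consequence here, and point applications that depend on settings in the file to a loading call whose return value they can check.
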
@@ -37,10 +36,9 @@ The OPENSSL_config() function is designed to be a very simple "call it and
forget it" function.
It is however B<much> better than nothing. Applications which need finer
control over their configuration functionality should use the configuration
functions such as CONF_modules_load() directly.

It is B<strongly> recommended that B<all> new applications call
CONF_modules_load() during
functions such as CONF_modules_load() directly. This function is deprecated
and its use should be avoided.
Applications should instead call CONF_modules_load() during
initialization (that is before starting any threads).

There are several reasons why calling the OpenSSL configuration routines is
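
Review bot: The paragraph now contradicts itself: "It is however B<much> better than nothing." is kept directly ahead of the new "This function is deprecated and its use should be avoided." Drop or reword the older sentence so the page gives one recommendation. The replacement named in the new text is CONF_modules_load(), while OPENSSL_config() itself calls CONF_modules_load_file() in this same commit; naming the file-based call would give readers the like-for-like substitute, and the text should tell them to check its return value, since ignoring errors is the reason given for avoiding this function.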