Loading doc/apps/config.pod +28 −0 Original line number Diff line number Diff line Loading 
@@ -208,6 +208,34 @@ For example: fips_mode = on =head2 SSL CONFIGURATION MODULE This module has the name B<ssl_conf> which points to a section containing SSL configurations. Each line in the SSL configuration section contains the name of the configuration and the section containing it. Each configuration section consists of command value pairs for B<SSL_CONF>. Each pair will be passed to a B<SSL_CTX> or B<SSL> structure if it calls SSL_CTX_config() or SSL_config() with the appropriate configuration name. Note: any characters before an initial dot in the configuration section are ignored so the same command can be used multiple times. For example: ssl_conf = ssl_sect [ssl_sect] server = server_section [server_section] RSA.Certificate = server-rsa.pem ECDSA.Certificate = server-ecdsa.pem Ciphers = ALL:!RC4 =head1 NOTES Loading doc/ssl/SSL_CTX_config.pod 0 → 100644 +84 −0 Original line number Diff line number Diff line =pod =head1 NAME SSL_CTX_config, SSL_config - configure SSL_CTX or SSL structure. =head1 SYNOPSIS #include <openssl/ssl.h> int SSL_CTX_config(SSL_CTX *ctx, const char *name); int SSL_config(SSL *s, const char *name); =head1 DESCRIPTION The functions SSL_CTX_config() and SSL_config() configure an B<SSL_CTX> or B<SSL> structure using the configuration B<name>. =head1 NOTES By calling SSL_CTX_config() or SSL_config() an application can perform many complex tasks based on the contents of the configuration file: greatly simplifying application configuration code. A degree of future proofing can also be achieved: an application can support configuration features in newer versions of OpenSSL automatically. A configuration file must have been previously loaded, for example using CONF_modules_load_file(). See L<config(3)> for details of the configuration file syntax. =head1 RETURN VALUES SSL_CTX_config() and SSL_config() return 1 for success or 0 if an error occurred. 
=head1 EXAMPLE If the file "config.cnf" contains the following: testapp = test_sect [test_sect] # list of confuration modules ssl_conf = ssl_sect [ssl_sect] server = server_section [server_section] RSA.Certificate = server-rsa.pem ECDSA.Certificate = server-ecdsa.pem Ciphers = ALL:!RC4 An application could call: if (CONF_modules_load_file("config.cnf", "testapp", 0) <= 0) { fprintf(stderr, "Error processing config file\n"); goto err; } ctx = SSL_CTX_new(TLS_server_method()); if (SSL_CTX_config(ctx, "server") == 0) { fprintf(stderr, "Error configuring server.\n"); goto err; } In this example two certificates and the cipher list are configured without the need for any additional application code. =head1 SEE ALSO L<config(3)>, L<SSL_CONF_cmd(3)>, L<CONF_modules_load_file(3)> =head1 HISTORY SSL_CTX_config() and SSL_config() were first added to OpenSSL 1.1.0 =cut Loading
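Review bot: in the new SSL CONFIGURATION MODULE text of doc/apps/config.pod, the sentence "any characters before an initial dot in the configuration section are ignored" reads as if it applies to section names, while the example (RSA.Certificate, ECDSA.Certificate) shows it is the command name whose prefix is dropped; say "in the command name". The section also does not state what happens when a command is not recognised or its value is rejected, which is the first thing an administrator editing this file will need. Because documentation examples tend to be copied into deployments, consider a narrower cipher string than "Ciphers = ALL:!RC4", and confirm that each command name in the example is one listed in SSL_CONF_cmd(3).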
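Review bot: in the EXAMPLE of doc/ssl/SSL_CTX_config.pod, the result of SSL_CTX_new(TLS_server_method()) is passed straight to SSL_CTX_config() with no NULL check; add one so the sample shows complete error handling. RETURN VALUES says only "0 if an error occurred": state whether a configuration name that is absent from the loaded file counts as an error, and whether commands applied before a failing one remain in effect on the structure, since a caller that ignores the return value could otherwise run with a partly applied TLS configuration. Minor: "confuration" in the config.cnf comment should be "configuration", and the HISTORY sentence lacks its closing full stop.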