argc = opt_num_rest();
argv = opt_rest();
- BIO_printf(bio_err, "Using configuration from %s\n", configfile);
-
- if ((conf = app_load_config(configfile)) == NULL)
+ if ((conf = app_load_config_verbose(configfile, 1)) == NULL)
goto end;
if (configfile != default_config_file && !app_load_modules(conf))
goto end;
void app_RAND_load_conf(CONF *c, const char *section);
void app_RAND_write(void);
-extern char *default_config_file;
+extern char *default_config_file; /* may be "" */
extern BIO *bio_in;
extern BIO *bio_out;
extern BIO *bio_err;
BIO *bio_open_default(const char *filename, char mode, int format);
BIO *bio_open_default_quiet(const char *filename, char mode, int format);
CONF *app_load_config_bio(BIO *in, const char *filename);
-CONF *app_load_config(const char *filename);
-CONF *app_load_config_quiet(const char *filename);
+#define app_load_config(filename) app_load_config_internal(filename, 0)
+#define app_load_config_quiet(filename) app_load_config_internal(filename, 1)
+CONF *app_load_config_internal(const char *filename, int quiet);
+CONF *app_load_config_verbose(const char *filename, int verbose);
int app_load_modules(const CONF *config);
CONF *app_load_config_modules(const char *configfile);
void unbuffer(FILE *fp);
# define _kbhit kbhit
#endif
+static BIO *bio_open_default_(const char *filename, char mode, int format,
+ int quiet);
+
#define PASS_SOURCE_SIZE_MAX 4
DEFINE_STACK_OF(CONF)
return NULL;
}
-CONF *app_load_config(const char *filename)
+CONF *app_load_config_verbose(const char *filename, int verbose)
{
- BIO *in;
- CONF *conf;
-
- in = bio_open_default(filename, 'r', FORMAT_TEXT);
- if (in == NULL)
- return NULL;
-
- conf = app_load_config_bio(in, filename);
- BIO_free(in);
- return conf;
+ if (verbose) {
+ if (*filename == '\0')
+ BIO_printf(bio_err, "No configuration used\n");
+ else
+ BIO_printf(bio_err, "Using configuration from %s\n", filename);
+ }
+ return app_load_config_internal(filename, 0);
}
-CONF *app_load_config_quiet(const char *filename)
+CONF *app_load_config_internal(const char *filename, int quiet)
{
- BIO *in;
+ BIO *in = NULL; /* leads to empty config in case filename == "" */
CONF *conf;
- in = bio_open_default_quiet(filename, 'r', FORMAT_TEXT);
- if (in == NULL)
+ if (*filename != '\0'
+ && (in = bio_open_default_(filename, 'r', FORMAT_TEXT, quiet)) == NULL)
return NULL;
-
conf = app_load_config_bio(in, filename);
BIO_free(in);
return conf;
CONF *conf = NULL;
if (configfile != NULL) {
- BIO_printf(bio_err, "Using configuration from %s\n", configfile);
-
- if ((conf = app_load_config(configfile)) == NULL)
+ if ((conf = app_load_config_verbose(configfile, 1)) == NULL)
return NULL;
if (configfile != default_config_file && !app_load_modules(conf)) {
NCONF_free(conf);
if (ret != NULL)
return ret;
BIO_printf(bio_err,
- "Can't open %s for %s, %s\n",
+ "Can't open \"%s\" for %s, %s\n",
filename, modeverb(mode), strerror(errno));
}
ERR_print_errors(bio_err);
goto end;
}
- if (verbose)
- BIO_printf(bio_err, "Using configuration from %s\n", template);
- if ((req_conf = app_load_config(template)) == NULL)
+ if ((req_conf = app_load_config_verbose(template, verbose)) == NULL)
goto end;
if (addext_bio != NULL) {
if (verbose)
if (genctx == NULL) {
genctx = set_keygen_ctx(NULL, &pkey_type, &newkey,
&keyalgstr, gen_eng);
- if (!genctx)
+ if (genctx == NULL)
goto end;
}
genopt = sk_OPENSSL_STRING_value(pkeyopts, i);
if (pkey_ctrl_string(genctx, genopt) <= 0) {
BIO_printf(bio_err, "parameter error \"%s\"\n", genopt);
- ERR_print_errors(bio_err);
goto end;
}
}
if ((x509ss = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL)
goto end;
- /* Set version to V3 */
if (serial != NULL) {
if (!X509_set_serialNumber(x509ss, serial))
goto end;
goto end;
/* Set up V3 context struct */
-
X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, X509V3_CTX_REPLACE);
X509V3_set_nconf(&ext_ctx, req_conf);
}
i = do_X509_sign(x509ss, pkey, digest, sigopts, &ext_ctx);
- if (!i) {
- ERR_print_errors(bio_err);
+ if (!i)
goto end;
- }
} else {
X509V3_CTX ext_ctx;
goto end;
}
i = do_X509_REQ_sign(req, pkey, digest, sigopts);
- if (!i) {
- ERR_print_errors(bio_err);
+ if (!i)
goto end;
- }
}
}
if (tpubkey == NULL) {
BIO_printf(bio_err, "Error getting public key\n");
- ERR_print_errors(bio_err);
goto end;
}
PEM_write_bio_PUBKEY(out, tpubkey);
else
BIO_printf(bio_err, "Error printing certificate request\n");
- ERR_print_errors(bio_err);
goto end;
}
}
{
int ret = 0, i;
char no_prompt = 0;
- STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
+ STACK_OF(CONF_VALUE) *dn_sk = NULL, *attr_sk = NULL;
char *tmp, *dn_sect, *attr_sect;
tmp = NCONF_get_string(req_conf, section, PROMPT);
dn_sect = NCONF_get_string(req_conf, section, DISTINGUISHED_NAME);
if (dn_sect == NULL) {
- BIO_printf(bio_err, "unable to find '%s' in config\n",
- DISTINGUISHED_NAME);
- goto err;
- }
- dn_sk = NCONF_get_section(req_conf, dn_sect);
- if (dn_sk == NULL) {
- BIO_printf(bio_err, "unable to get '%s' section\n", dn_sect);
- goto err;
+ ERR_clear_error();
+ } else {
+ dn_sk = NCONF_get_section(req_conf, dn_sect);
+ if (dn_sk == NULL) {
+ BIO_printf(bio_err, "unable to get '%s' section\n", dn_sect);
+ goto err;
+ }
}
attr_sect = NCONF_get_string(req_conf, section, ATTRIBUTES);
if (attr_sect == NULL) {
ERR_clear_error();
- attr_sk = NULL;
} else {
attr_sk = NCONF_get_section(req_conf, attr_sect);
if (attr_sk == NULL) {
if (gctx == NULL) {
BIO_puts(bio_err, "Error allocating keygen context\n");
- ERR_print_errors(bio_err);
return NULL;
}
if (EVP_PKEY_keygen_init(gctx) <= 0) {
BIO_puts(bio_err, "Error initializing keygen context\n");
- ERR_print_errors(bio_err);
EVP_PKEY_CTX_free(gctx);
return NULL;
}
if ((*pkey_type == EVP_PKEY_RSA) && (keylen != -1)) {
if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0) {
BIO_puts(bio_err, "Error setting RSA keysize\n");
- ERR_print_errors(bio_err);
EVP_PKEY_CTX_free(gctx);
return NULL;
}
if (configfile == NULL)
configfile = default_config_file;
- if (verbose)
- BIO_printf(bio_err, "Using configuration from %s\n",
- configfile);
- conf = app_load_config(configfile);
+ conf = app_load_config_verbose(configfile, verbose);
if (conf == NULL)
goto end;
if (configfile != default_config_file && !app_load_modules(conf))
return NULL;
vv.name = NULL;
vv.section = (char *)section;
- return lh_CONF_VALUE_retrieve(conf->data, &vv);
+ return conf->data != NULL ? lh_CONF_VALUE_retrieve(conf->data, &vv) : NULL;
}
STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
return NULL;
if (conf == NULL)
return ossl_safe_getenv(name);
+ if (conf->data == NULL)
+ return NULL;
if (section != NULL) {
vv.name = (char *)name;
vv.section = (char *)section;
p = &(buff->data[bufnum]);
*p = '\0';
read_retry:
- BIO_gets(in, p, CONFBUFSIZE - 1);
+ if (in != NULL && BIO_gets(in, p, CONFBUFSIZE - 1) < 0)
+ goto err;
p[CONFBUFSIZE - 1] = '\0';
ii = i = strlen(p);
if (i == 0 && !again) {
- /* the currently processed BIO is at EOF */
+ /* the currently processed BIO is NULL or at EOF */
BIO *parent;
#ifndef OPENSSL_NO_POSIX_IO
CONF *conf = NULL;
int ret = 0, diagnostics = 0;
- ERR_set_mark();
- conf = NCONF_new_ex(libctx, NULL);
- if (conf == NULL)
- goto err;
-
if (filename == NULL) {
file = CONF_get1_default_config_file();
if (file == NULL)
file = (char *)filename;
}
+ ERR_set_mark();
+ conf = NCONF_new_ex(libctx, NULL);
+ if (conf == NULL)
+ goto err;
+
if (NCONF_load(conf, file, NULL) <= 0) {
if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
(ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) {
}
/* Return default config file name */
-
char *CONF_get1_default_config_file(void)
{
const char *t;
arguments and have a B<-config> option to specify that file.
The default name of the file is F<openssl.cnf> in the default certificate
storage area, which can be determined from the L<openssl-version(1)>
-command. This can be used to load modules.
-The environment variable B<OPENSSL_CONF> can be used to specify
-a different location of the file.
-See L<openssl-env(7)>.
+command using the B<-d> or B<-a> option.
+The environment variable B<OPENSSL_CONF> can be used to specify a different
+file location or to disable loading a configuration (using the empty string).
+
+Among others, the configuration file can be used to load modules
+and to specify parameters for generating certificates and random numbers.
+See L<config(5)> for details.
=head2 Standard Commands
=head1 NAME
+CONF_get1_default_config_file,
CONF_modules_load_file_ex, CONF_modules_load_file, CONF_modules_load
- OpenSSL configuration functions
#include <openssl/conf.h>
+ char *CONF_get1_default_config_file(void);
int CONF_modules_load_file_ex(OSSL_LIB_CTX *libctx, const char *filename,
const char *appname, unsigned long flags);
int CONF_modules_load_file(const char *filename, const char *appname,
=head1 DESCRIPTION
+The function CONF_get1_default_config_file() determines the default
+configuration file pathname as follows.
+If the B<OPENSSL_CONF> environment variable is set its value is returned.
+Else the function returns the path obtained using
+L<X509_get_default_cert_area(3)> with the filename C<"openssl.cnf"> appended.
+The caller is responsible for freeing any string returned.
+
The function CONF_modules_load_file_ex() configures OpenSSL using
library context B<libctx> file B<filename> and application name B<appname>.
-If B<filename> is NULL the standard OpenSSL configuration file is used.
+If B<filename> is NULL the standard OpenSSL configuration file is used
+as determined by calling CONF_get1_default_config_file().
If B<appname> is NULL the standard OpenSSL application name B<openssl_conf> is
used.
The behaviour can be customized using B<flags>. Note that, the error suppressing
=item B<OPENSSL_CONF>
-The path to the config file.
+The path to the config file, or the empty string for none.
Ignored in set-user-ID and set-group-ID programs.
=item B<OPENSSL_ENGINES>
Specifies the path to a configuration file and the directory for
included files.
-See L<openssl(1)> and L<config(5)>.
+See L<config(5)>.
=item B<OPENSSL_CONFIG>
CONF_dump_bio(3)
CONF_dump_fp(3)
CONF_free(3)
-CONF_get1_default_config_file(3)
CONF_get_number(3)
CONF_get_section(3)
CONF_get_string(3)
CONF_dump_bio(3)
CONF_dump_fp(3)
CONF_free(3)
-CONF_get1_default_config_file(3)
CONF_get_number(3)
CONF_get_section(3)
CONF_get_string(3)
projects / openssl.git / commitdiff