Make OPENSSL_config truly ignore errors.

Per discussion: should not exit. Should not print to stderr.
Errors are ignored.  Updated doc to reflect that, and the fact
that this function is to be avoided.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(cherry picked from commit abdd677125f3a9e3082f8c5692203590fdb9b860)

diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
index d03de246957533561985e365242c889ace3f0753..544fe9738719c43a84002edd1a6a56f1baa6a7ca 100644 (file)
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@@ -86,23 +86,10 @@ void OPENSSL_config(const char *config_name)
     /* Need to load ENGINEs */
     ENGINE_load_builtin_engines();
 #endif
     /* Need to load ENGINEs */
     ENGINE_load_builtin_engines();
 #endif

-    /* Add others here? */
-

     ERR_clear_error();
     ERR_clear_error();

-    if (CONF_modules_load_file(NULL, config_name,
+    CONF_modules_load_file(NULL, config_name,

                                CONF_MFLAGS_DEFAULT_SECTION |
                                CONF_MFLAGS_DEFAULT_SECTION |

-                               CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
-        BIO *bio_err;
-        ERR_load_crypto_strings();
-        if ((bio_err = BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL) {
-            BIO_printf(bio_err, "Auto configuration failed\n");
-            ERR_print_errors(bio_err);
-            BIO_free(bio_err);
-        }
-        exit(1);
-    }
-
-    return;
+                               CONF_MFLAGS_IGNORE_MISSING_FILE);

 }
 
 void OPENSSL_no_config()
 }
 
 void OPENSSL_no_config()

diff --git a/doc/crypto/OPENSSL_config.pod b/doc/crypto/OPENSSL_config.pod
index 888de88f6bbf537f8503d989b873ab6997518c1b..5096faca04fc5a92eea6b1892a3824430ea624c4 100644 (file)
--- a/doc/crypto/OPENSSL_config.pod
+++ b/doc/crypto/OPENSSL_config.pod
@@ -15,31 +15,24 @@ OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions
 
 OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf>
 configuration file name using B<config_name>. If B<config_name> is NULL then
 
 OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf>
 configuration file name using B<config_name>. If B<config_name> is NULL then

-the default name B<openssl_conf> will be used. Any errors are ignored. Further
-calls to OPENSSL_config() will have no effect. The configuration file format
-is documented in the L<conf(5)|conf(5)> manual page.
+the file specified in the environment variable B<OPENSSL_CONF> will be used,
+and if that is not set then a system default location is used.
+Errors are silently ignored.
+Multiple calls have no effect.

 
 OPENSSL_no_config() disables configuration. If called before OPENSSL_config()
 no configuration takes place.
 
 =head1 NOTES
 
 
 OPENSSL_no_config() disables configuration. If called before OPENSSL_config()
 no configuration takes place.
 
 =head1 NOTES
 

-It is B<strongly> recommended that B<all> new applications call OPENSSL_config()
-or the more sophisticated functions such as CONF_modules_load() during
-initialization (that is before starting any threads). By doing this
-an application does not need to keep track of all configuration options
-and some new functionality can be supported automatically.
-
-It is also possible to automatically call OPENSSL_config() when an application
-calls OPENSSL_add_all_algorithms() by compiling an application with the
-preprocessor symbol B<OPENSSL_LOAD_CONF> #define'd. In this way configuration
-can be added without source changes.
-
-The environment variable B<OPENSSL_CONF> can be set to specify the location
-of the configuration file.
- 
-Currently ASN1 OBJECTs and ENGINE configuration can be performed future
-versions of OpenSSL will add new configuration options.
+The OPENSSL_config() function is designed to be a very simple "call it and
+forget it" function.
+It is however B<much> better than nothing. Applications which need finer
+control over their configuration functionality should use the configuration
+functions such as CONF_modules_load() directly. This function is deprecated
+and its use should be avoided.
+Applications should instead call CONF_modules_load() during
+initialization (that is before starting any threads).

 
 There are several reasons why calling the OpenSSL configuration routines is
 advisable. For example new ENGINE functionality was added to OpenSSL 0.9.7.
 
 There are several reasons why calling the OpenSSL configuration routines is
 advisable. For example new ENGINE functionality was added to OpenSSL 0.9.7.