5 CONF_modules_load_file_with_libctx, CONF_modules_load_file, CONF_modules_load
6 - OpenSSL configuration functions
10 #include <openssl/conf.h>
12 int CONF_modules_load_file_with_libctx(OPENSSL_CTX *libctx,
14 const char *appname, unsigned long flags);
15 int CONF_modules_load_file(const char *filename, const char *appname,
17 int CONF_modules_load(const CONF *cnf, const char *appname,
22 The function CONF_modules_load_file_with_libctx() configures OpenSSL using
23 library context B<libctx> file B<filename> and application name B<appname>.
24 If B<filename> is NULL the standard OpenSSL configuration file is used.
25 If B<appname> is NULL the standard OpenSSL application name B<openssl_conf> is
27 The behaviour can be customized using B<flags>. Note that, the error suppressing
28 can be overriden by B<config_diagnostics> as described in L<config(5)>.
30 CONF_modules_load_file() is the same as CONF_modules_load_file_with_libctx() but
31 has a NULL library context.
33 CONF_modules_load() is identical to CONF_modules_load_file() except it
34 reads configuration information from B<cnf>.
38 The following B<flags> are currently recognized:
40 If B<CONF_MFLAGS_IGNORE_ERRORS> is set errors returned by individual
41 configuration modules are ignored. If not set the first module error is
42 considered fatal and no further modules are loaded.
44 Normally any modules errors will add error information to the error queue. If
45 B<CONF_MFLAGS_SILENT> is set no error information is added.
47 If B<CONF_MFLAGS_IGNORE_RETURN_CODES> is set the function unconditionally
49 This is used by default in L<OPENSSL_init_crypto(3)> to ignore any errors in
50 the default system-wide configuration file, as having all OpenSSL applications
51 fail to start when there are potentially minor issues in the file is too risky.
52 Applications calling B<CONF_modules_load_file_with_libctx> explicitly should not
53 generally set this flag.
55 If B<CONF_MFLAGS_NO_DSO> is set configuration module loading from DSOs is
58 B<CONF_MFLAGS_IGNORE_MISSING_FILE> if set will make CONF_load_modules_file()
59 ignore missing configuration files. Normally a missing configuration file
62 B<CONF_MFLAGS_DEFAULT_SECTION> if set and B<appname> is not NULL will use the
63 default section pointed to by B<openssl_conf> if B<appname> does not exist.
65 By using CONF_modules_load_file_with_libctx() with appropriate flags an
66 application can customise application configuration to best suit its needs.
67 In some cases the use of a configuration file is optional and its absence is not
68 an error: in this case B<CONF_MFLAGS_IGNORE_MISSING_FILE> would be set.
70 Errors during configuration may also be handled differently by different
71 applications. For example in some cases an error may simply print out a warning
72 message and the application continue. In other cases an application might
73 consider a configuration file error as fatal and exit immediately.
75 Applications can use the CONF_modules_load() function if they wish to load a
76 configuration file themselves and have finer control over how errors are
81 These functions return 1 for success and a zero or negative value for
82 failure. If module errors are not ignored the return code will reflect the
83 return value of the failing module (this will always be zero or negative).
87 Load a configuration file and print out any errors and exit (missing file
90 if (CONF_modules_load_file_with_libctx(libctx, NULL, NULL, 0) <= 0) {
91 fprintf(stderr, "FATAL: error loading configuration file\n");
92 ERR_print_errors_fp(stderr);
96 Load default configuration file using the section indicated by "myapp",
97 tolerate missing files, but exit on other errors:
99 if (CONF_modules_load_file_with_libctx(NULL, NULL, "myapp",
100 CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
101 fprintf(stderr, "FATAL: error loading configuration file\n");
102 ERR_print_errors_fp(stderr);
106 Load custom configuration file and section, only print warnings on error,
107 missing configuration file ignored:
109 if (CONF_modules_load_file_with_libctx(NULL, "/something/app.cnf", "myapp",
110 CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
111 fprintf(stderr, "WARNING: error loading configuration file\n");
112 ERR_print_errors_fp(stderr);
115 Load and parse configuration file manually, custom error handling:
121 fp = fopen("/somepath/app.cnf", "r");
123 fprintf(stderr, "Error opening configuration file\n");
124 /* Other missing configuration file behaviour */
126 cnf = NCONF_new_with_libctx(libctx, NULL);
127 if (NCONF_load_fp(cnf, fp, &eline) == 0) {
128 fprintf(stderr, "Error on line %ld of configuration file\n", eline);
129 ERR_print_errors_fp(stderr);
130 /* Other malformed configuration file behaviour */
131 } else if (CONF_modules_load(cnf, "appname", 0) <= 0) {
132 fprintf(stderr, "Error configuring application\n");
133 ERR_print_errors_fp(stderr);
134 /* Other configuration error behaviour */
143 L<OPENSSL_config(3)>,
144 L<NCONF_new_with_libctx(3)>
148 Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.
150 Licensed under the Apache License 2.0 (the "License"). You may not use
151 this file except in compliance with the License. You can obtain a copy
152 in the file LICENSE in the source distribution or at
153 L<https://www.openssl.org/source/license.html>.