diff options
author | Rich Salz <rsalz@openssl.org> | 2015-01-25 21:15:57 -0500 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2015-01-25 21:15:57 -0500 |
commit | 491f3e4e8e4ba8853caa02fbeff51b69768e9646 (patch) | |
tree | c5796adba4bfa210ab134d2903f1d1197483449f | |
parent | 184693f4af2846dd89f473482e55df26c428da36 (diff) | |
download | openssl-new-491f3e4e8e4ba8853caa02fbeff51b69768e9646.tar.gz |
Make OPENSSL_config truly ignore errors.
Per discussion: should not exit. Should not print to stderr.
Errors are ignored. Updated doc to reflect that, and the fact
that this function is to be avoided.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(cherry picked from commit abdd677125f3a9e3082f8c5692203590fdb9b860)
-rw-r--r-- | crypto/conf/conf_sap.c | 17 | ||||
-rw-r--r-- | doc/crypto/OPENSSL_config.pod | 31 |
2 files changed, 14 insertions, 34 deletions
diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index d03de24695..544fe97387 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -86,23 +86,10 @@ void OPENSSL_config(const char *config_name) /* Need to load ENGINEs */ ENGINE_load_builtin_engines(); #endif - /* Add others here? */ - ERR_clear_error(); - if (CONF_modules_load_file(NULL, config_name, + CONF_modules_load_file(NULL, config_name, CONF_MFLAGS_DEFAULT_SECTION | - CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { - BIO *bio_err; - ERR_load_crypto_strings(); - if ((bio_err = BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL) { - BIO_printf(bio_err, "Auto configuration failed\n"); - ERR_print_errors(bio_err); - BIO_free(bio_err); - } - exit(1); - } - - return; + CONF_MFLAGS_IGNORE_MISSING_FILE); } void OPENSSL_no_config() diff --git a/doc/crypto/OPENSSL_config.pod b/doc/crypto/OPENSSL_config.pod index 888de88f6b..5096faca04 100644 --- a/doc/crypto/OPENSSL_config.pod +++ b/doc/crypto/OPENSSL_config.pod @@ -15,31 +15,24 @@ OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf> configuration file name using B<config_name>. If B<config_name> is NULL then -the default name B<openssl_conf> will be used. Any errors are ignored. Further -calls to OPENSSL_config() will have no effect. The configuration file format -is documented in the L<conf(5)|conf(5)> manual page. +the file specified in the environment variable B<OPENSSL_CONF> will be used, +and if that is not set then a system default location is used. +Errors are silently ignored. +Multiple calls have no effect. OPENSSL_no_config() disables configuration. If called before OPENSSL_config() no configuration takes place. =head1 NOTES -It is B<strongly> recommended that B<all> new applications call OPENSSL_config() -or the more sophisticated functions such as CONF_modules_load() during -initialization (that is before starting any threads). By doing this -an application does not need to keep track of all configuration options -and some new functionality can be supported automatically. - -It is also possible to automatically call OPENSSL_config() when an application -calls OPENSSL_add_all_algorithms() by compiling an application with the -preprocessor symbol B<OPENSSL_LOAD_CONF> #define'd. In this way configuration -can be added without source changes. - -The environment variable B<OPENSSL_CONF> can be set to specify the location -of the configuration file. - -Currently ASN1 OBJECTs and ENGINE configuration can be performed future -versions of OpenSSL will add new configuration options. +The OPENSSL_config() function is designed to be a very simple "call it and +forget it" function. +It is however B<much> better than nothing. Applications which need finer +control over their configuration functionality should use the configuration +functions such as CONF_modules_load() directly. This function is deprecated +and its use should be avoided. +Applications should instead call CONF_modules_load() during +initialization (that is before starting any threads). There are several reasons why calling the OpenSSL configuration routines is advisable. For example new ENGINE functionality was added to OpenSSL 0.9.7. |