Lines Matching +full:activate +full:- +full:to +full:- +full:activate

5 config - OpenSSL CONF library configuration files
11 This format is used by many of the OpenSSL commands, and to
26 is the first non-space character in a line, the entire line is ignored.
30 Two directives can be used to control the parsing of configuration files:
45 available on systems with POSIX IO support.)  Any sub-directories found
53 is prepended to all relative pathnames.
57 To require all file inclusions to name absolute paths, use the following
62 The default behavior, where the B<value> is B<false> or B<off>, is to allow
63 relative paths. To require all B<.include> pathnames to be absolute paths,
66 In these files, the dollar sign, B<$>, is used to reference a variable, as
67 described below.  On some platforms, however, it is common to treat B<$>
73 The default behavior, where the B<value> is B<false> or B<off>, is to treat
76 B<true> or B<on>, then C<foo$bar> is a single seven-character name and
83 the value of the B<includedir> pragma, if it exists, is prepended to the
94 The first section of a configuration file is special and is referred to
121 In order to support this, commands like L<openssl-req(1)> ignore any
132 To use a value from another section use C<$section::name>
143 to the configuration file, but are not propagated to the environment.
147 It is possible to escape certain characters by using a single B<'> or
154 The expansion and escape rules as described above that apply to B<value>
155 also apply to the pathname of the B<.include> directive.
159 The sections below use the informal term I<module> to refer to a part
165 how to configure any modules in the library. It is not an error to leave
171 passed to CONF_modules_load() will be ignored.
174 a configuration error will completely prevent access to a service.
209 initialization section" refers to the section identified by the
212 is used to specify the individual sections.
221 this section makes them available to all commands and applications.
231  OPENSSL_CONF=example.cnf openssl asn1parse -genstr OID:1.2.3.4.1
243 in this section each name a provider, and point to the configuration section
244 for that provider. The provider-specific section is used to specify how
245 to load the module, activate it, and set other parameters.
253 This is used to specify an alternate name, overriding the default name
264 Specifies the pathname of the module (typically a shared library) to load.
266 =item B<activate>
268 If present and set to one of the values yes, on, true or 1, then the associated
269 provider will be activated. Conversely, setting this value to no, off, false, or
271 or uppercase. Setting activate to any other setting, or omitting a setting
276 If enabled, informs the library to clear the error stack on failure to activate
278 activate this setting, while a value of 0, no, false, or off (again in lower or
280 Note this setting defaults to off if not provided
284 All parameters in the section as well as sub-sections are made
285 available to the provider.
290 See L<OSSL_PROVIDER-default(7)> for more details.
293 you most probably need to explicitly activate the default provider,
313 B<yes>, this is exactly equivalent to:
342 to impose system-wide minimum TLS and DTLS protocol versions:
348 The minimum TLS protocol is applied to B<SSL_CTX> objects that are TLS-based,
349 and the minimum DTLS protocol to those are DTLS-based.
350 The same applies also to maximum versions set with B<MaxProtocol>.
360  RSA.Certificate = server-rsa.pem
361  ECDSA.Certificate = server-ecdsa.pem
369 The engine-specific section is used to specify how to load the engine,
370 activate it, and set other parameters.
378 This is used to specify an alternate name, overriding the default name
390 This loads and adds an ENGINE from the given path. It is equivalent to
392 with value B<2> and B<LOAD> to the dynamic ENGINE.  If this is not the
393 required behaviour then alternative ctrls can be sent directly to the
398 This specifies whether to initialize the ENGINE. If the value is B<0> the
400 to initialize
402 attempt will be made to initialize the ENGINE after all commands in its
412 All other names are taken to be the name of a ctrl command that is
413 sent to the ENGINE, and the value is the argument passed with the command.
437 This is used to specify the random bit generator.
441  random = CTR-DRBG
447 =item B<CTR-DRBG>
449 =item B<HASH-DRBG>
451 =item B<HMAC-DRBG>
457 This specifies what cipher a B<CTR-DRBG> random bit generator will use.
459 The default value is B<AES-256-CTR>.
463 This specifies what digest the B<HASH-DRBG> or B<HMAC-DRBG> random bit
473 This sets the randomness source that should be used.  By default B<SEED-SRC>
475 to access the same randomness sources from outside the validated boundary.
483 This sets the provider to use for the L<RAND_bytes(3)> calls instead of the built-in
484 entropy sources.  It defaults to "fips".  If the named provider is not loaded, the
485 built-in entropy sources will be used.
491 This example shows how to use quoting and escaping.
508 This example shows how to expand environment variables safely.
509 In this example, the variable B<tempfile> is intended to refer
510 to a temporary file, and the environment variable B<TEMP> or
514 exist, it is possible to set B<TMP> to default to F</tmp>, and
515 B<TEMP> to default to B<TMP>.
524 This example shows how to enforce FIPS mode for the application
541 The path to the config file, or the empty string for none.
542 Ignored in set-user-ID and set-group-ID programs.
546 The path to the engines directory.
547 Ignored in set-user-ID and set-group-ID programs.
551 The path to the directory with OpenSSL modules, such as providers.
552 Ignored in set-user-ID and set-group-ID programs.
556 The optional path to prepend to all B<.include> paths.
562 There is no way to include characters using the octal B<\nnn> form. Strings
565 The escaping isn't quite right: if you want to use sequences like B<\n>
574 of parsing rules there were intended to be tailored to
577 could be used in pathnames, only the double-quote character was recognized,
578 and comments began with a semi-colon.
580 configuration files using that syntax will have to be modified.
584 L<openssl-x509(1)>, L<openssl-req(1)>, L<openssl-ca(1)>,
585 L<openssl-fipsinstall(1)>,
596 Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.