Lines Matching +full:activate +full:- +full:to +full:- +full:activate
1 .\" -*- mode: troff; coding: utf-8 -*-
35 .\" entries marked with X<> in POD. Of course, you'll have to process the
58 .TH CONFIG 5ossl 2025-07-01 3.5.1 OpenSSL
64 config \- OpenSSL CONF library configuration files
69 This format is used by many of the OpenSSL commands, and to
83 is the first non-space character in a line, the entire line is ignored.
86 Two directives can be used to control the parsing of configuration files:
103 available on systems with POSIX IO support.) Any sub-directories found
111 is prepended to all relative pathnames.
115 To require all file inclusions to name absolute paths, use the following
122 The default behavior, where the \fBvalue\fR is \fBfalse\fR or \fBoff\fR, is to allow
123 relative paths. To require all \fB.include\fR pathnames to be absolute paths,
126 In these files, the dollar sign, \fB$\fR, is used to reference a variable, as
127 described below. On some platforms, however, it is common to treat \fB$\fR
135 The default behavior, where the \fBvalue\fR is \fBfalse\fR or \fBoff\fR, is to treat
138 \&\fBtrue\fR or \fBon\fR, then \f(CW\*(C`foo$bar\*(C'\fR is a single seven-character name and
147 the value of the \fBincludedir\fR pragma, if it exists, is prepended to the
157 The first section of a configuration file is special and is referred to
186 In order to support this, commands like \fBopenssl\-req\fR\|(1) ignore any
210 to the configuration file, but are not propagated to the environment.
214 It is possible to escape certain characters by using a single \fB'\fR or
221 The expansion and escape rules as described above that apply to \fBvalue\fR
222 also apply to the pathname of the \fB.include\fR directive.
225 The sections below use the informal term \fImodule\fR to refer to a part
231 how to configure any modules in the library. It is not an error to leave
237 passed to \fBCONF_modules_load()\fR will be ignored.
240 a configuration error will completely prevent access to a service.
277 initialization section" refers to the section identified by the
280 is used to specify the individual sections.
288 this section makes them available to all commands and applications.
301 \& OPENSSL_CONF=example.cnf openssl asn1parse \-genstr OID:1.2.3.4.1
315 in this section each name a provider, and point to the configuration section
316 for that provider. The provider-specific section is used to specify how
317 to load the module, activate it, and set other parameters.
322 This is used to specify an alternate name, overriding the default name
334 Specifies the pathname of the module (typically a shared library) to load.
335 .IP \fBactivate\fR 4
336 .IX Item "activate"
337 If present and set to one of the values yes, on, true or 1, then the associated
338 provider will be activated. Conversely, setting this value to no, off, false, or
340 or uppercase. Setting activate to any other setting, or omitting a setting
345 If enabled, informs the library to clear the error stack on failure to activate
347 activate this setting, while a value of 0, no, false, or off (again in lower or
349 Note this setting defaults to off if not provided
351 All parameters in the section as well as sub-sections are made
352 available to the provider.
358 See \fBOSSL_PROVIDER\-default\fR\|(7) for more details.
361 you most probably need to explicitly activate the default provider,
376 \&\fByes\fR, this is exactly equivalent to:
406 to impose system-wide minimum TLS and DTLS protocol versions:
414 The minimum TLS protocol is applied to \fBSSL_CTX\fR objects that are TLS-based,
415 and the minimum DTLS protocol to those that are DTLS-based.
416 The same applies also to maximum versions set with \fBMaxProtocol\fR.
427 \& RSA.Certificate = server\-rsa.pem
428 \& ECDSA.Certificate = server\-ecdsa.pem
436 The engine-specific section is used to specify how to load the engine,
437 activate it, and set other parameters.
442 This is used to specify an alternate name, overriding the default name
455 This loads and adds an ENGINE from the given path. It is equivalent to
457 with value \fB2\fR and \fBLOAD\fR to the dynamic ENGINE. If this is not the
458 required behaviour then alternative ctrls can be sent directly to the
462 This specifies whether to initialize the ENGINE. If the value is \fB0\fR the
466 attempt will be made to initialize the ENGINE after all commands in its
473 All other names are taken to be the name of a ctrl command that is
474 sent to the ENGINE, and the value is the argument passed with the command.
496 This is used to specify the random bit generator.
501 \& random = CTR\-DRBG
506 .IP \fBCTR-DRBG\fR 4
507 .IX Item "CTR-DRBG"
509 .IP \fBHASH-DRBG\fR 4
510 .IX Item "HASH-DRBG"
511 .IP \fBHMAC-DRBG\fR 4
512 .IX Item "HMAC-DRBG"
519 This specifies what cipher a \fBCTR-DRBG\fR random bit generator will use.
521 The default value is \fBAES\-256\-CTR\fR.
524 This specifies what digest the \fBHASH-DRBG\fR or \fBHMAC-DRBG\fR random bit
532 This sets the randomness source that should be used. By default \fBSEED-SRC\fR
540 This sets the provider to use for the \fBRAND_bytes\fR\|(3) calls instead of the built-in
541 entropy sources. It defaults to "fips". If the named provider is not loaded, the
542 built-in entropy sources will be used.
545 This example shows how to use quoting and escaping.
564 This example shows how to expand environment variables safely.
565 In this example, the variable \fBtempfile\fR is intended to refer
570 exist, it is possible to set \fBTMP\fR to default to \fI/tmp\fR, and
571 \&\fBTEMP\fR to default to \fBTMP\fR.
582 This example shows how to enforce FIPS mode for the application
598 The path to the config file, or the empty string for none.
599 Ignored in set-user-ID and set-group-ID programs.
602 The path to the engines directory.
603 Ignored in set-user-ID and set-group-ID programs.
606 The path to the directory with OpenSSL modules, such as providers.
607 Ignored in set-user-ID and set-group-ID programs.
610 The optional path to prepend to all \fB.include\fR paths.
613 There is no way to include characters using the octal \fB\ennn\fR form. Strings
616 The escaping isn't quite right: if you want to use sequences like \fB\en\fR
624 of parsing rules there were intended to be tailored to
627 could be used in pathnames, only the double-quote character was recognized,
628 and comments began with a semi-colon.
630 configuration files using that syntax will have to be modified.
633 \&\fBopenssl\-x509\fR\|(1), \fBopenssl\-req\fR\|(1), \fBopenssl\-ca\fR\|(1),
634 \&\fBopenssl\-fipsinstall\fR\|(1),
644 Copyright 2000\-2025 The OpenSSL Project Authors. All Rights Reserved.