xref: /freebsd/crypto/openssl/doc/man3/CONF_modules_load_file.pod (revision d4eeb02986980bf33dd56c41ceb9fc5f180c0d47)
1=pod
2
3=head1 NAME
4
5CONF_modules_load_file, CONF_modules_load - OpenSSL configuration functions
6
7=head1 SYNOPSIS
8
9 #include <openssl/conf.h>
10
11 int CONF_modules_load_file(const char *filename, const char *appname,
12                            unsigned long flags);
13 int CONF_modules_load(const CONF *cnf, const char *appname,
14                       unsigned long flags);
15
16=head1 DESCRIPTION
17
18The function CONF_modules_load_file() configures OpenSSL using file
19B<filename> and application name B<appname>. If B<filename> is NULL
20the standard OpenSSL configuration file is used. If B<appname> is
21NULL the standard OpenSSL application name B<openssl_conf> is used.
22The behaviour can be customized using B<flags>.
23
24CONF_modules_load() is identical to CONF_modules_load_file() except it
25reads configuration information from B<cnf>.
26
27=head1 NOTES
28
29The following B<flags> are currently recognized:
30
31If B<CONF_MFLAGS_IGNORE_ERRORS> is set errors returned by individual
32configuration modules are ignored. If not set the first module error is
33considered fatal and no further modules are loaded.
34
35Normally any modules errors will add error information to the error queue. If
36B<CONF_MFLAGS_SILENT> is set no error information is added.
37
38If B<CONF_MFLAGS_IGNORE_RETURN_CODES> is set the function unconditionally
39returns success.
40This is used by default in L<OPENSSL_init_crypto(3)> to ignore any errors in
41the default system-wide configuration file, as having all OpenSSL applications
42fail to start when there are potentially minor issues in the file is too risky.
43Applications calling B<CONF_modules_load_file> explicitly should not generally
44set this flag.
45
46If B<CONF_MFLAGS_NO_DSO> is set configuration module loading from DSOs is
47disabled.
48
49B<CONF_MFLAGS_IGNORE_MISSING_FILE> if set will make CONF_load_modules_file()
50ignore missing configuration files. Normally a missing configuration file
51return an error.
52
53B<CONF_MFLAGS_DEFAULT_SECTION> if set and B<appname> is not NULL will use the
54default section pointed to by B<openssl_conf> if B<appname> does not exist.
55
56By using CONF_modules_load_file() with appropriate flags an application can
57customise application configuration to best suit its needs. In some cases the
58use of a configuration file is optional and its absence is not an error: in
59this case B<CONF_MFLAGS_IGNORE_MISSING_FILE> would be set.
60
61Errors during configuration may also be handled differently by different
62applications. For example in some cases an error may simply print out a warning
63message and the application continue. In other cases an application might
64consider a configuration file error as fatal and exit immediately.
65
66Applications can use the CONF_modules_load() function if they wish to load a
67configuration file themselves and have finer control over how errors are
68treated.
69
70=head1 RETURN VALUES
71
72These functions return 1 for success and a zero or negative value for
73failure. If module errors are not ignored the return code will reflect the
74return value of the failing module (this will always be zero or negative).
75
76=head1 EXAMPLES
77
78Load a configuration file and print out any errors and exit (missing file
79considered fatal):
80
81 if (CONF_modules_load_file(NULL, NULL, 0) <= 0) {
82     fprintf(stderr, "FATAL: error loading configuration file\n");
83     ERR_print_errors_fp(stderr);
84     exit(1);
85 }
86
87Load default configuration file using the section indicated by "myapp",
88tolerate missing files, but exit on other errors:
89
90 if (CONF_modules_load_file(NULL, "myapp",
91                            CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
92     fprintf(stderr, "FATAL: error loading configuration file\n");
93     ERR_print_errors_fp(stderr);
94     exit(1);
95 }
96
97Load custom configuration file and section, only print warnings on error,
98missing configuration file ignored:
99
100 if (CONF_modules_load_file("/something/app.cnf", "myapp",
101                            CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
102     fprintf(stderr, "WARNING: error loading configuration file\n");
103     ERR_print_errors_fp(stderr);
104 }
105
106Load and parse configuration file manually, custom error handling:
107
108 FILE *fp;
109 CONF *cnf = NULL;
110 long eline;
111
112 fp = fopen("/somepath/app.cnf", "r");
113 if (fp == NULL) {
114     fprintf(stderr, "Error opening configuration file\n");
115     /* Other missing configuration file behaviour */
116 } else {
117     cnf = NCONF_new(NULL);
118     if (NCONF_load_fp(cnf, fp, &eline) == 0) {
119         fprintf(stderr, "Error on line %ld of configuration file\n", eline);
120         ERR_print_errors_fp(stderr);
121         /* Other malformed configuration file behaviour */
122     } else if (CONF_modules_load(cnf, "appname", 0) <= 0) {
123         fprintf(stderr, "Error configuring application\n");
124         ERR_print_errors_fp(stderr);
125         /* Other configuration error behaviour */
126     }
127     fclose(fp);
128     NCONF_free(cnf);
129 }
130
131=head1 SEE ALSO
132
133L<config(5)>, L<OPENSSL_config(3)>
134
135=head1 COPYRIGHT
136
137Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
138
139Licensed under the OpenSSL license (the "License").  You may not use
140this file except in compliance with the License.  You can obtain a copy
141in the file LICENSE in the source distribution or at
142L<https://www.openssl.org/source/license.html>.
143
144=cut
145