1e71b7053SJung-uk Kim=pod 2e71b7053SJung-uk Kim 3e71b7053SJung-uk Kim=head1 NAME 4e71b7053SJung-uk Kim 5e71b7053SJung-uk KimSSL_CTX_config, SSL_config - configure SSL_CTX or SSL structure 6e71b7053SJung-uk Kim 7e71b7053SJung-uk Kim=head1 SYNOPSIS 8e71b7053SJung-uk Kim 9e71b7053SJung-uk Kim #include <openssl/ssl.h> 10e71b7053SJung-uk Kim 11e71b7053SJung-uk Kim int SSL_CTX_config(SSL_CTX *ctx, const char *name); 12e71b7053SJung-uk Kim int SSL_config(SSL *s, const char *name); 13e71b7053SJung-uk Kim 14e71b7053SJung-uk Kim=head1 DESCRIPTION 15e71b7053SJung-uk Kim 16e71b7053SJung-uk KimThe functions SSL_CTX_config() and SSL_config() configure an B<SSL_CTX> or 17e71b7053SJung-uk KimB<SSL> structure using the configuration B<name>. 18e71b7053SJung-uk Kim 19e71b7053SJung-uk KimBy calling SSL_CTX_config() or SSL_config() an application can perform many 20e71b7053SJung-uk Kimcomplex tasks based on the contents of the configuration file: greatly 21e71b7053SJung-uk Kimsimplifying application configuration code. A degree of future proofing 22e71b7053SJung-uk Kimcan also be achieved: an application can support configuration features 23e71b7053SJung-uk Kimin newer versions of OpenSSL automatically. 24e71b7053SJung-uk Kim 25e71b7053SJung-uk KimA configuration file must have been previously loaded, for example using 26e71b7053SJung-uk KimCONF_modules_load_file(). See L<config(5)> for details of the configuration 27e71b7053SJung-uk Kimfile syntax. 28e71b7053SJung-uk Kim 29e71b7053SJung-uk Kim=head1 RETURN VALUES 30e71b7053SJung-uk Kim 31e71b7053SJung-uk KimSSL_CTX_config() and SSL_config() return 1 for success or 0 if an error 32e71b7053SJung-uk Kimoccurred. 33e71b7053SJung-uk Kim 34da327cd2SJung-uk Kim=head1 EXAMPLES 35e71b7053SJung-uk Kim 36e71b7053SJung-uk KimIf the file "config.cnf" contains the following: 37e71b7053SJung-uk Kim 38e71b7053SJung-uk Kim testapp = test_sect 39e71b7053SJung-uk Kim 40e71b7053SJung-uk Kim [test_sect] 41e71b7053SJung-uk Kim # list of configuration modules 42e71b7053SJung-uk Kim 43e71b7053SJung-uk Kim ssl_conf = ssl_sect 44e71b7053SJung-uk Kim 45e71b7053SJung-uk Kim [ssl_sect] 46e71b7053SJung-uk Kim server = server_section 47e71b7053SJung-uk Kim 48e71b7053SJung-uk Kim [server_section] 49e71b7053SJung-uk Kim RSA.Certificate = server-rsa.pem 50e71b7053SJung-uk Kim ECDSA.Certificate = server-ecdsa.pem 51e71b7053SJung-uk Kim Ciphers = ALL:!RC4 52e71b7053SJung-uk Kim 53e71b7053SJung-uk KimAn application could call: 54e71b7053SJung-uk Kim 55e71b7053SJung-uk Kim if (CONF_modules_load_file("config.cnf", "testapp", 0) <= 0) { 56e71b7053SJung-uk Kim fprintf(stderr, "Error processing config file\n"); 57e71b7053SJung-uk Kim goto err; 58e71b7053SJung-uk Kim } 59e71b7053SJung-uk Kim 60e71b7053SJung-uk Kim ctx = SSL_CTX_new(TLS_server_method()); 61e71b7053SJung-uk Kim 62e71b7053SJung-uk Kim if (SSL_CTX_config(ctx, "server") == 0) { 63e71b7053SJung-uk Kim fprintf(stderr, "Error configuring server.\n"); 64e71b7053SJung-uk Kim goto err; 65e71b7053SJung-uk Kim } 66e71b7053SJung-uk Kim 67e71b7053SJung-uk KimIn this example two certificates and the cipher list are configured without 68e71b7053SJung-uk Kimthe need for any additional application code. 69e71b7053SJung-uk Kim 70e71b7053SJung-uk Kim=head1 SEE ALSO 71e71b7053SJung-uk Kim 72*b077aed3SPierre ProncheryL<ssl(7)>, 73e71b7053SJung-uk KimL<config(5)>, 74e71b7053SJung-uk KimL<SSL_CONF_cmd(3)>, 75e71b7053SJung-uk KimL<CONF_modules_load_file(3)> 76e71b7053SJung-uk Kim 77e71b7053SJung-uk Kim=head1 HISTORY 78e71b7053SJung-uk Kim 796935a639SJung-uk KimThe SSL_CTX_config() and SSL_config() functions were added in OpenSSL 1.1.0. 80e71b7053SJung-uk Kim 81e71b7053SJung-uk Kim=head1 COPYRIGHT 82e71b7053SJung-uk Kim 83*b077aed3SPierre ProncheryCopyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. 84e71b7053SJung-uk Kim 85*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 86e71b7053SJung-uk Kimthis file except in compliance with the License. You can obtain a copy 87e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at 88e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>. 89e71b7053SJung-uk Kim 90e71b7053SJung-uk Kim=cut 91