1e71b7053SJung-uk Kim=pod 2e71b7053SJung-uk Kim 3e71b7053SJung-uk Kim=head1 NAME 4e71b7053SJung-uk Kim 5e71b7053SJung-uk KimSSL_CTX_config, SSL_config - configure SSL_CTX or SSL structure 6e71b7053SJung-uk Kim 7e71b7053SJung-uk Kim=head1 SYNOPSIS 8e71b7053SJung-uk Kim 9e71b7053SJung-uk Kim #include <openssl/ssl.h> 10e71b7053SJung-uk Kim 11e71b7053SJung-uk Kim int SSL_CTX_config(SSL_CTX *ctx, const char *name); 12e71b7053SJung-uk Kim int SSL_config(SSL *s, const char *name); 13e71b7053SJung-uk Kim 14e71b7053SJung-uk Kim=head1 DESCRIPTION 15e71b7053SJung-uk Kim 16e71b7053SJung-uk KimThe functions SSL_CTX_config() and SSL_config() configure an B<SSL_CTX> or 17e71b7053SJung-uk KimB<SSL> structure using the configuration B<name>. 18e71b7053SJung-uk Kim 19e71b7053SJung-uk Kim=head1 NOTES 20e71b7053SJung-uk Kim 21e71b7053SJung-uk KimBy calling SSL_CTX_config() or SSL_config() an application can perform many 22e71b7053SJung-uk Kimcomplex tasks based on the contents of the configuration file: greatly 23e71b7053SJung-uk Kimsimplifying application configuration code. A degree of future proofing 24e71b7053SJung-uk Kimcan also be achieved: an application can support configuration features 25e71b7053SJung-uk Kimin newer versions of OpenSSL automatically. 26e71b7053SJung-uk Kim 27e71b7053SJung-uk KimA configuration file must have been previously loaded, for example using 28e71b7053SJung-uk KimCONF_modules_load_file(). See L<config(5)> for details of the configuration 29e71b7053SJung-uk Kimfile syntax. 30e71b7053SJung-uk Kim 31e71b7053SJung-uk Kim=head1 RETURN VALUES 32e71b7053SJung-uk Kim 33e71b7053SJung-uk KimSSL_CTX_config() and SSL_config() return 1 for success or 0 if an error 34e71b7053SJung-uk Kimoccurred. 35e71b7053SJung-uk Kim 36e71b7053SJung-uk Kim=head1 EXAMPLE 37e71b7053SJung-uk Kim 38e71b7053SJung-uk KimIf the file "config.cnf" contains the following: 39e71b7053SJung-uk Kim 40e71b7053SJung-uk Kim testapp = test_sect 41e71b7053SJung-uk Kim 42e71b7053SJung-uk Kim [test_sect] 43e71b7053SJung-uk Kim # list of configuration modules 44e71b7053SJung-uk Kim 45e71b7053SJung-uk Kim ssl_conf = ssl_sect 46e71b7053SJung-uk Kim 47e71b7053SJung-uk Kim [ssl_sect] 48e71b7053SJung-uk Kim server = server_section 49e71b7053SJung-uk Kim 50e71b7053SJung-uk Kim [server_section] 51e71b7053SJung-uk Kim RSA.Certificate = server-rsa.pem 52e71b7053SJung-uk Kim ECDSA.Certificate = server-ecdsa.pem 53e71b7053SJung-uk Kim Ciphers = ALL:!RC4 54e71b7053SJung-uk Kim 55e71b7053SJung-uk KimAn application could call: 56e71b7053SJung-uk Kim 57e71b7053SJung-uk Kim if (CONF_modules_load_file("config.cnf", "testapp", 0) <= 0) { 58e71b7053SJung-uk Kim fprintf(stderr, "Error processing config file\n"); 59e71b7053SJung-uk Kim goto err; 60e71b7053SJung-uk Kim } 61e71b7053SJung-uk Kim 62e71b7053SJung-uk Kim ctx = SSL_CTX_new(TLS_server_method()); 63e71b7053SJung-uk Kim 64e71b7053SJung-uk Kim if (SSL_CTX_config(ctx, "server") == 0) { 65e71b7053SJung-uk Kim fprintf(stderr, "Error configuring server.\n"); 66e71b7053SJung-uk Kim goto err; 67e71b7053SJung-uk Kim } 68e71b7053SJung-uk Kim 69e71b7053SJung-uk KimIn this example two certificates and the cipher list are configured without 70e71b7053SJung-uk Kimthe need for any additional application code. 71e71b7053SJung-uk Kim 72e71b7053SJung-uk Kim=head1 SEE ALSO 73e71b7053SJung-uk Kim 74e71b7053SJung-uk KimL<config(5)>, 75e71b7053SJung-uk KimL<SSL_CONF_cmd(3)>, 76e71b7053SJung-uk KimL<CONF_modules_load_file(3)> 77e71b7053SJung-uk Kim 78e71b7053SJung-uk Kim=head1 HISTORY 79e71b7053SJung-uk Kim 80*6935a639SJung-uk KimThe SSL_CTX_config() and SSL_config() functions were added in OpenSSL 1.1.0. 81e71b7053SJung-uk Kim 82e71b7053SJung-uk Kim=head1 COPYRIGHT 83e71b7053SJung-uk Kim 84e71b7053SJung-uk KimCopyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. 85e71b7053SJung-uk Kim 86e71b7053SJung-uk KimLicensed under the OpenSSL license (the "License"). You may not use 87e71b7053SJung-uk Kimthis file except in compliance with the License. You can obtain a copy 88e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at 89e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>. 90e71b7053SJung-uk Kim 91e71b7053SJung-uk Kim=cut 92