=pod

=head1 NAME

SSL_CTX_config, SSL_config - configure SSL_CTX or SSL structure

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 int SSL_CTX_config(SSL_CTX *ctx, const char *name);
 int SSL_config(SSL *s, const char *name);

=head1 DESCRIPTION

The functions SSL_CTX_config() and SSL_config() configure an B<SSL_CTX> or
B<SSL> structure using the configuration B<name>.

=head1 NOTES

By calling SSL_CTX_config() or SSL_config() an application can perform many
complex tasks based on the contents of the configuration file, greatly
simplifying application configuration code. A degree of future proofing
can also be achieved: an application can support configuration features
in newer versions of OpenSSL automatically.

A configuration file must have been previously loaded, for example using
CONF_modules_load_file(). See L<config(5)> for details of the configuration
file syntax. Because the contents of that file determine settings such as
the certificates and cipher list applied to the structure, it should be
loaded only from a location that untrusted users cannot modify.

=head1 RETURN VALUES

SSL_CTX_config() and SSL_config() return 1 for success or 0 if an error
occurred.

=head1 EXAMPLE

If the file "config.cnf" contains the following:

 testapp = test_sect

 [test_sect]
 # list of configuration modules

 ssl_conf = ssl_sect

 [ssl_sect]
 server = server_section

 [server_section]
 RSA.Certificate = server-rsa.pem
 ECDSA.Certificate = server-ecdsa.pem
 Ciphers = ALL:!RC4

An application could call:

 if (CONF_modules_load_file("config.cnf", "testapp", 0) <= 0) {
     fprintf(stderr, "Error processing config file\n");
     goto err;
 }

 ctx = SSL_CTX_new(TLS_server_method());

 if (SSL_CTX_config(ctx, "server") == 0) {
     fprintf(stderr, "Error configuring server.\n");
     goto err;
 }

In this example two certificates and the cipher list are configured without
the need for any additional application code. The cipher string shown is
illustrative only: B<ALL> also enables cipher suites that are left out of
the default list, so a deployed configuration should use a reviewed cipher
list (see L<ciphers(1)>). A complete application would also check that
SSL_CTX_new() did not return NULL before passing B<ctx> to SSL_CTX_config().

=head1 SEE ALSO

L<config(5)>,
L<SSL_CONF_cmd(3)>,
L<CONF_modules_load_file(3)>

=head1 HISTORY

SSL_CTX_config() and SSL_config() were first added in OpenSSL 1.1.0.

=head1 COPYRIGHT

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut