1=pod 2 3=head1 NAME 4 5openssl-env - OpenSSL environment variables 6 7=head1 DESCRIPTION 8 9The OpenSSL libraries use environment variables to override the 10compiled-in default paths for various data. 11To avoid security risks, the environment is usually not consulted when 12the executable is set-user-ID or set-group-ID. 13 14=over 4 15 16=item B<CTLOG_FILE> 17 18Specifies the path to a certificate transparency log list. 19See L<CTLOG_STORE_new(3)>. 20 21=item B<OPENSSL> 22 23Specifies the path to the B<openssl> executable. Used by 24the B<rehash> script (see L<openssl-rehash(1)/Script Configuration>) 25and by the B<CA.pl> script (see L<CA.pl(1)/NOTES> 26 27=item B<OPENSSL_CONF>, B<OPENSSL_CONF_INCLUDE> 28 29Specifies the path to a configuration file and the directory for 30included files. 31See L<config(5)>. 32 33=item B<OPENSSL_CONFIG> 34 35Specifies a configuration option and filename for the B<req> and B<ca> 36commands invoked by the B<CA.pl> script. 37See L<CA.pl(1)>. 38 39=item B<OPENSSL_ENGINES> 40 41Specifies the directory from which dynamic engines are loaded. 42See L<openssl-engine(1)>. 43 44=item B<OPENSSL_MALLOC_FD>, B<OPENSSL_MALLOC_FAILURES> 45 46If built with debugging, this allows memory allocation to fail. 47See L<OPENSSL_malloc(3)>. 48 49=item B<OPENSSL_MODULES> 50 51Specifies the directory from which cryptographic providers are loaded. 52Equivalently, the generic B<-provider-path> command-line option may be used. 53 54=item B<OPENSSL_WIN32_UTF8> 55 56If set, then L<UI_OpenSSL(3)> returns UTF-8 encoded strings, rather than 57ones encoded in the current code page, and 58the L<openssl(1)> program also transcodes the command-line parameters 59from the current code page to UTF-8. 60This environment variable is only checked on Microsoft Windows platforms. 61 62=item B<RANDFILE> 63 64The state file for the random number generator. 65This should not be needed in normal use. 66See L<RAND_load_file(3)>. 67 68=item B<SSL_CERT_DIR>, B<SSL_CERT_FILE> 69 70Specify the default directory or file containing CA certificates. 71See L<SSL_CTX_load_verify_locations(3)>. 72 73=item B<TSGET> 74 75Additional arguments for the L<tsget(1)> command. 76 77=item B<OPENSSL_ia32cap>, B<OPENSSL_sparcv9cap>, B<OPENSSL_ppccap>, B<OPENSSL_armcap>, B<OPENSSL_s390xcap> 78 79OpenSSL supports a number of different algorithm implementations for 80various machines and, by default, it determines which to use based on the 81processor capabilities and run time feature enquiry. These environment 82variables can be used to exert more control over this selection process. 83See L<OPENSSL_ia32cap(3)>, L<OPENSSL_s390xcap(3)>. 84 85=item B<NO_PROXY>, B<HTTPS_PROXY>, B<HTTP_PROXY> 86 87Specify a proxy hostname. 88See L<OSSL_HTTP_parse_url(3)>. 89 90=back 91 92=head1 COPYRIGHT 93 94Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. 95 96Licensed under the Apache License 2.0 (the "License"). You may not use 97this file except in compliance with the License. You can obtain a copy 98in the file LICENSE in the source distribution or at 99L<https://www.openssl.org/source/license.html>. 100 101=cut 102