|
Packit |
c4476c |
=pod
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 NAME
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
SSL_CTX_config, SSL_config - configure SSL_CTX or SSL structure
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 SYNOPSIS
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
#include <openssl/ssl.h>
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
int SSL_CTX_config(SSL_CTX *ctx, const char *name);
|
|
Packit |
c4476c |
int SSL_config(SSL *s, const char *name);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 DESCRIPTION
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The functions SSL_CTX_config() and SSL_config() configure an B<SSL_CTX> or
|
|
Packit |
c4476c |
B<SSL> structure using the configuration B<name>.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 NOTES
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
By calling SSL_CTX_config() or SSL_config() an application can perform many
|
|
Packit |
c4476c |
complex tasks based on the contents of the configuration file: greatly
|
|
Packit |
c4476c |
simplifying application configuration code. A degree of future proofing
|
|
Packit |
c4476c |
can also be achieved: an application can support configuration features
|
|
Packit |
c4476c |
in newer versions of OpenSSL automatically.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
A configuration file must have been previously loaded, for example using
|
|
Packit |
c4476c |
CONF_modules_load_file(). See L<config(5)> for details of the configuration
|
|
Packit |
c4476c |
file syntax.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 RETURN VALUES
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
SSL_CTX_config() and SSL_config() return 1 for success or 0 if an error
|
|
Packit |
c4476c |
occurred.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 EXAMPLES
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
If the file "config.cnf" contains the following:
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
testapp = test_sect
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
[test_sect]
|
|
Packit |
c4476c |
# list of configuration modules
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
ssl_conf = ssl_sect
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
[ssl_sect]
|
|
Packit |
c4476c |
server = server_section
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
[server_section]
|
|
Packit |
c4476c |
RSA.Certificate = server-rsa.pem
|
|
Packit |
c4476c |
ECDSA.Certificate = server-ecdsa.pem
|
|
Packit |
c4476c |
Ciphers = ALL:!RC4
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
An application could call:
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
if (CONF_modules_load_file("config.cnf", "testapp", 0) <= 0) {
|
|
Packit |
c4476c |
fprintf(stderr, "Error processing config file\n");
|
|
Packit |
c4476c |
goto err;
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
ctx = SSL_CTX_new(TLS_server_method());
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
if (SSL_CTX_config(ctx, "server") == 0) {
|
|
Packit |
c4476c |
fprintf(stderr, "Error configuring server.\n");
|
|
Packit |
c4476c |
goto err;
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
In this example two certificates and the cipher list are configured without
|
|
Packit |
c4476c |
the need for any additional application code.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 SEE ALSO
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
L<config(5)>,
|
|
Packit |
c4476c |
L<SSL_CONF_cmd(3)>,
|
|
Packit |
c4476c |
L<CONF_modules_load_file(3)>
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 HISTORY
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The SSL_CTX_config() and SSL_config() functions were added in OpenSSL 1.1.0.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 COPYRIGHT
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Licensed under the OpenSSL license (the "License"). You may not use
|
|
Packit |
c4476c |
this file except in compliance with the License. You can obtain a copy
|
|
Packit |
c4476c |
in the file LICENSE in the source distribution or at
|
|
Packit |
c4476c |
L<https://www.openssl.org/source/license.html>.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=cut
|