SSL_config (3)

Leading comments

Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)

Standard preamble:
========================================================================

(The comments found at the beginning of the groff file "man3/SSL_config.3ssl".)

NAME

SSL_CTX_config, SSL_config - configure SSL_CTX or SSL structure

SYNOPSIS

 #include <openssl/ssl.h>

 int SSL_CTX_config(SSL_CTX *ctx, const char *name);
 int SSL_config(SSL *s, const char *name);

DESCRIPTION

The functions SSL_CTX_config() and SSL_config() configure an or structure using the configuration name.

NOTES

By calling SSL_CTX_config() or SSL_config() an application can perform many complex tasks based on the contents of the configuration file: greatly simplifying application configuration code. A degree of future proofing can also be achieved: an application can support configuration features in newer versions of OpenSSL automatically.

A configuration file must have been previously loaded, for example using CONF_modules_load_file(). See config(3) for details of the configuration file syntax.

RETURN VALUES

SSL_CTX_config() and SSL_config() return 1 for success or 0 if an error occurred.

EXAMPLE

If the file ``config.cnf'' contains the following:

 testapp = test_sect

 [test_sect]
 # list of confuration modules

 ssl_conf = ssl_sect

 [ssl_sect]

 server = server_section

 [server_section]

 RSA.Certificate = server-rsa.pem
 ECDSA.Certificate = server-ecdsa.pem
 Ciphers = ALL:!RC4

An application could call:

 if (CONF_modules_load_file("config.cnf", "testapp", 0) <= 0) {
      fprintf(stderr, "Error processing config file\n");
      goto err;
 }

 ctx = SSL_CTX_new(TLS_server_method());

 if (SSL_CTX_config(ctx, "server") == 0) {
     fprintf(stderr, "Error configuring server.\n");
     goto err;
 }

In this example two certificates and the cipher list are configured without the need for any additional application code.

SEE ALSO

config(3), SSL_CONF_cmd(3), CONF_modules_load_file(3)

HISTORY

SSL_CTX_config() and SSL_config() were first added to OpenSSL 1.1.0

COPYRIGHT

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the ``License''). You may not use this file except in compliance with the License. You can obtain a copy in the file

in the source distribution or at <www.openssl.org/source/license.html>.