diff options
| author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2019-01-01 08:53:24 +0100 |
|---|---|---|
| committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2019-01-07 20:02:28 +0100 |
| commit | df1f538f28c10f2954757164b17781040d2355ef (patch) | |
| tree | 983b999d0b4625fc67a05897c38c37f48aedbeba /include | |
| parent | Update generator copyright year. (diff) | |
| download | openssl-df1f538f28c10f2954757164b17781040d2355ef.tar.xz openssl-df1f538f28c10f2954757164b17781040d2355ef.zip | |
More configurable crypto and ssl library initialization
1. In addition to overriding the default application name,
one can now also override the configuration file name
and flags passed to CONF_modules_load_file().
2. By default we still keep going when configuration file
processing fails. But, applications that want to be strict
about initialization errors can now make explicit flag
choices via non-null OPENSSL_INIT_SETTINGS that omit the
CONF_MFLAGS_IGNORE_RETURN_CODES flag (which had so far been
both undocumented and unused).
3. In OPENSSL_init_ssl() do not request OPENSSL_INIT_LOAD_CONFIG
if the options already include OPENSSL_INIT_NO_LOAD_CONFIG.
4. Don't set up atexit() handlers when called with INIT_BASE_ONLY.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7986)
Diffstat (limited to 'include')
| -rw-r--r-- | include/internal/conf.h | 9 | ||||
| -rw-r--r-- | include/openssl/crypto.h | 6 |
2 files changed, 13 insertions, 2 deletions
diff --git a/include/internal/conf.h b/include/internal/conf.h index 2d5ce93ec3..389cdfd75b 100644 --- a/include/internal/conf.h +++ b/include/internal/conf.h @@ -12,11 +12,18 @@ #include <openssl/conf.h> +#define DEFAULT_CONF_MFLAGS \ + (CONF_MFLAGS_DEFAULT_SECTION | \ + CONF_MFLAGS_IGNORE_MISSING_FILE | \ + CONF_MFLAGS_IGNORE_RETURN_CODES) + struct ossl_init_settings_st { + char *filename; char *appname; + unsigned long flags; }; -void openssl_config_int(const char *appname); +int openssl_config_int(const OPENSSL_INIT_SETTINGS *); void openssl_no_config_int(void); void conf_modules_free_int(void); diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index 4b34812b24..f912302117 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -405,8 +405,12 @@ void OPENSSL_thread_stop(void); /* Low-level control of initialization */ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); # ifndef OPENSSL_NO_STDIO +int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings, + const char *config_filename); +void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings, + unsigned long flags); int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings, - const char *config_file); + const char *config_appname); # endif void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings); |