Clean up now that autoconfiguration is available:

- deprecation notice - say more precisely what OPENSSL_config(3) does - kill the unfounded rumour that the library might inspect environment variables; in fact, only the openssl(1) program inspects $OPENSSL_CONF - garbage collect long, irrelevant ramblings about engines - garbage collect empty RETURN VALUES section - garbage collect CAVEATS section, duplicate information only
author: schwarze <> 2018-03-17 20:18:44 +0000
committer: schwarze <> 2018-03-17 20:18:44 +0000
commit: fdc2ab736d85c8663197b0ef9dbca9e93976c000 (patch)
tree: 4bb6e548761af12280be75e30d894fe3f2d2fc5c /src
parent: 1df6e36c9d7eff0320ef36b1b8f08614c168f15f (diff)
download: openbsd-fdc2ab736d85c8663197b0ef9dbca9e93976c000.tar.gz
openbsd-fdc2ab736d85c8663197b0ef9dbca9e93976c000.tar.bz2
openbsd-fdc2ab736d85c8663197b0ef9dbca9e93976c000.zip
1 files changed, 55 insertions, 78 deletions
diff --git a/src/lib/libcrypto/man/OPENSSL_config.3 b/src/lib/libcrypto/man/OPENSSL_config.3
index 3aa1944dab..6e2a1ef56f 100644
--- a/src/lib/libcrypto/man/OPENSSL_config.3
+++ b/src/lib/libcrypto/man/OPENSSL_config.3
@@ -1,8 +1,25 @@
-.\"     $OpenBSD: OPENSSL_config.3,v 1.7 2018/03/17 18:52:42 schwarze Exp $
+.\" $OpenBSD: OPENSSL_config.3,v 1.8 2018/03/17 20:18:44 schwarze Exp $
-.\"     OpenSSL ab6577a4 May 14 21:07:51 2014 +0100
+.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" This file is a derived work.
-.\" Copyright (c) 2000, 2004, 2005 The OpenSSL Project.  All rights reserved.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -54,32 +71,50 @@
 .Sh NAME
 .Nm OPENSSL_config ,
 .Nm OPENSSL_no_config
-.Nd simple OpenSSL configuration functions
+.Nd old style crypto and ssl library initialization
 .Sh SYNOPSIS
 .In openssl/conf.h
 .Ft void
 .Fo OPENSSL_config
-.Fa "const char *config_name"
+.Fa "const char *appname"
 .Fc
 .Ft void
 .Fn OPENSSL_no_config void
 .Sh DESCRIPTION
+These functions have been deprecated since OpenSSL 1.1.0.
+It is recommended to use
+.Xr CONF_modules_load_file 3
+instead of
 .Fn OPENSSL_config
-configures OpenSSL using the standard
+or
-.Xr openssl.cnf 5
+.Xr OPENSSL_init_crypto 3
-configuration file name using
+with
-.Fa config_name .
+.Dv OPENSSL_INIT_NO_LOAD_CONFIG
+instead of
+.Fn OPENSSL_no_config .
+Except to disable the standard configuration file, application programs
+do not need to call any library initialization function at all because
+LibreSSL does all the required initialization automatically, and so does
+OpenSSL 1.1.0 and later.
+.Pp
+.Fn OPENSSL_config
+initializes the crypto library, in particular calling
+.Xr OPENSSL_init_crypto 3
+and
+.Xr CONF_modules_load_file 3
+with the standard configuration file and the given
+.Fa appname .
 If
-.Fa config_name
+.Fa appname
 is
-.Dv NULL
+.Dv NULL ,
 then the default name
 .Sy openssl_conf
-will be used.
+is used.
 Any errors are ignored.
 Further calls to
 .Fn OPENSSL_config
-will have no effect.
+have no effect.
 .Pp
 .Fn OPENSSL_no_config
 disables configuration.
@@ -87,58 +122,16 @@ If called before
 .Fn OPENSSL_config ,
 no configuration takes place.
 .Pp
-It is
+If an application is compiled with the preprocessor symbol
-.Sy strongly
-recommended that
-.Sy all
-new applications call
-.Fn OPENSSL_config
-or the more sophisticated functions such as
-.Xr CONF_modules_load 3
-during initialization (that is before starting any threads).
-By doing this, an application does not need to keep track of all
-configuration options and some new functionality can be supported
-automatically.
-.Pp
-It is also possible to automatically call
-.Fn OPENSSL_config
-when an application calls
-.Xr OpenSSL_add_all_algorithms 3
-by compiling an application with the preprocessor symbol
 .Dv OPENSSL_LOAD_CONF
-#define'd.
+#define'd,
-In this way configuration can be added without source changes.
+.Xr OpenSSL_add_all_algorithms 3
-.Pp
+automatically calls
-The environment variable
+.Fn OPENSSL_config .
-.Ev OPENSSL_CONF
-can be set to specify the location of the configuration file.
-.Pp
-Currently ASN.1 OBJECT and ENGINE configuration can be performed.
-.Pp
-There are several reasons why calling the OpenSSL configuration routines
-is advisable.
-For example new ENGINE functionality was added to OpenSSL 0.9.7.
-In OpenSSL 0.9.7 control functions can be supported by ENGINEs which can be
-used (among other things) to load dynamic ENGINEs from shared libraries
-(DSOs).
-However very few applications currently support the control interface
-and so very few can load and use dynamic ENGINEs.
-Equally in future more sophisticated ENGINEs will require certain
-control operations to customize them.
-If an application calls
-.Fn OPENSSL_config
-it doesn't need to know or care about ENGINE control operations because
-they can be performed by editing a configuration file.
 .Pp
 Applications should free up configuration at application closedown by
 calling
 .Xr CONF_modules_free 3 .
-.Sh RETURN VALUES
-Neither
-.Fn OPENSSL_config
-nor
-.Fn OPENSSL_no_config
-return a value.
 .Sh FILES
 .Bl -tag -width /etc/ssl/openssl.cnf -compact
 .It Pa /etc/ssl/openssl.cnf
@@ -146,7 +139,7 @@ standard configuration file
 .El
 .Sh SEE ALSO
 .Xr CONF_modules_free 3 ,
-.Xr CONF_modules_load 3 ,
+.Xr CONF_modules_load_file 3 ,
 .Xr OPENSSL_init_crypto 3 ,
 .Xr openssl.cnf 5
 .Sh HISTORY
@@ -154,19 +147,3 @@ standard configuration file
 and
 .Fn OPENSSL_no_config
 first appeared in OpenSSL 0.9.7.
-.Sh CAVEATS
-The
-.Fn OPENSSL_config
-function is designed to be a very simple "call it and forget it"
-function.
-As a result its behaviour is somewhat limited.
-It ignores all errors silently and it can only load from the standard
-configuration file location for example.
-.Pp
-It is however
-.Sy much
-better than nothing.
-Applications which need finer control over their configuration
-functionality should use the configuration functions such as
-.Xr CONF_modules_load 3
-directly.
author	schwarze <>	2018-03-17 20:18:44 +0000
committer	schwarze <>	2018-03-17 20:18:44 +0000
commit	fdc2ab736d85c8663197b0ef9dbca9e93976c000 (patch)
tree	4bb6e548761af12280be75e30d894fe3f2d2fc5c /src
parent	1df6e36c9d7eff0320ef36b1b8f08614c168f15f (diff)
download	openbsd-fdc2ab736d85c8663197b0ef9dbca9e93976c000.tar.gz openbsd-fdc2ab736d85c8663197b0ef9dbca9e93976c000.tar.bz2 openbsd-fdc2ab736d85c8663197b0ef9dbca9e93976c000.zip

diff --git a/src/lib/libcrypto/man/OPENSSL_config.3 b/src/lib/libcrypto/man/OPENSSL_config.3 index 3aa1944dab..6e2a1ef56f 100644 --- a/src/lib/libcrypto/man/OPENSSL_config.3 +++ b/src/lib/libcrypto/man/OPENSSL_config.3
@@ -1,8 +1,25 @@
1	.\" $OpenBSD: OPENSSL_config.3,v 1.7 2018/03/17 18:52:42 schwarze Exp $	1	.\" $OpenBSD: OPENSSL_config.3,v 1.8 2018/03/17 20:18:44 schwarze Exp $
2	.\" OpenSSL ab6577a4 May 14 21:07:51 2014 +0100	2	.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file is a derived work.
5	.\" Copyright (c) 2000, 2004, 2005 The OpenSSL Project. All rights reserved.	5	.\" The changes are covered by the following Copyright and license:
		6	.\"
		7	.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
		8	.\"
		9	.\" Permission to use, copy, modify, and distribute this software for any
		10	.\" purpose with or without fee is hereby granted, provided that the above
		11	.\" copyright notice and this permission notice appear in all copies.
		12	.\"
		13	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		14	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		15	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		16	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		17	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		18	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		19	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		20	.\"
		21	.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
		22	.\" Copyright (c) 2004 The OpenSSL Project. All rights reserved.
6	.\"	23	.\"
7	.\" Redistribution and use in source and binary forms, with or without	24	.\" Redistribution and use in source and binary forms, with or without
8	.\" modification, are permitted provided that the following conditions	25	.\" modification, are permitted provided that the following conditions
@@ -54,32 +71,50 @@
54	.Sh NAME	71	.Sh NAME
55	.Nm OPENSSL_config ,	72	.Nm OPENSSL_config ,
56	.Nm OPENSSL_no_config	73	.Nm OPENSSL_no_config
57	.Nd simple OpenSSL configuration functions	74	.Nd old style crypto and ssl library initialization
58	.Sh SYNOPSIS	75	.Sh SYNOPSIS
59	.In openssl/conf.h	76	.In openssl/conf.h
60	.Ft void	77	.Ft void
61	.Fo OPENSSL_config	78	.Fo OPENSSL_config
62	.Fa "const char *config_name"	79	.Fa "const char *appname"
63	.Fc	80	.Fc
64	.Ft void	81	.Ft void
65	.Fn OPENSSL_no_config void	82	.Fn OPENSSL_no_config void
66	.Sh DESCRIPTION	83	.Sh DESCRIPTION
		84	These functions have been deprecated since OpenSSL 1.1.0.
		85	It is recommended to use
		86	.Xr CONF_modules_load_file 3
		87	instead of
67	.Fn OPENSSL_config	88	.Fn OPENSSL_config
68	configures OpenSSL using the standard	89	or
69	.Xr openssl.cnf 5	90	.Xr OPENSSL_init_crypto 3
70	configuration file name using	91	with
71	.Fa config_name .	92	.Dv OPENSSL_INIT_NO_LOAD_CONFIG
		93	instead of
		94	.Fn OPENSSL_no_config .
		95	Except to disable the standard configuration file, application programs
		96	do not need to call any library initialization function at all because
		97	LibreSSL does all the required initialization automatically, and so does
		98	OpenSSL 1.1.0 and later.
		99	.Pp
		100	.Fn OPENSSL_config
		101	initializes the crypto library, in particular calling
		102	.Xr OPENSSL_init_crypto 3
		103	and
		104	.Xr CONF_modules_load_file 3
		105	with the standard configuration file and the given
		106	.Fa appname .
72	If	107	If
73	.Fa config_name	108	.Fa appname
74	is	109	is
75	.Dv NULL	110	.Dv NULL ,
76	then the default name	111	then the default name
77	.Sy openssl_conf	112	.Sy openssl_conf
78	will be used.	113	is used.
79	Any errors are ignored.	114	Any errors are ignored.
80	Further calls to	115	Further calls to
81	.Fn OPENSSL_config	116	.Fn OPENSSL_config
82	will have no effect.	117	have no effect.
83	.Pp	118	.Pp
84	.Fn OPENSSL_no_config	119	.Fn OPENSSL_no_config
85	disables configuration.	120	disables configuration.
@@ -87,58 +122,16 @@ If called before
87	.Fn OPENSSL_config ,	122	.Fn OPENSSL_config ,
88	no configuration takes place.	123	no configuration takes place.
89	.Pp	124	.Pp
90	It is	125	If an application is compiled with the preprocessor symbol
91	.Sy strongly
92	recommended that
93	.Sy all
94	new applications call
95	.Fn OPENSSL_config
96	or the more sophisticated functions such as
97	.Xr CONF_modules_load 3
98	during initialization (that is before starting any threads).
99	By doing this, an application does not need to keep track of all
100	configuration options and some new functionality can be supported
101	automatically.
102	.Pp
103	It is also possible to automatically call
104	.Fn OPENSSL_config
105	when an application calls
106	.Xr OpenSSL_add_all_algorithms 3
107	by compiling an application with the preprocessor symbol
108	.Dv OPENSSL_LOAD_CONF	126	.Dv OPENSSL_LOAD_CONF
109	#define'd.	127	#define'd,
110	In this way configuration can be added without source changes.	128	.Xr OpenSSL_add_all_algorithms 3
111	.Pp	129	automatically calls
112	The environment variable	130	.Fn OPENSSL_config .
113	.Ev OPENSSL_CONF
114	can be set to specify the location of the configuration file.
115	.Pp
116	Currently ASN.1 OBJECT and ENGINE configuration can be performed.
117	.Pp
118	There are several reasons why calling the OpenSSL configuration routines
119	is advisable.
120	For example new ENGINE functionality was added to OpenSSL 0.9.7.
121	In OpenSSL 0.9.7 control functions can be supported by ENGINEs which can be
122	used (among other things) to load dynamic ENGINEs from shared libraries
123	(DSOs).
124	However very few applications currently support the control interface
125	and so very few can load and use dynamic ENGINEs.
126	Equally in future more sophisticated ENGINEs will require certain
127	control operations to customize them.
128	If an application calls
129	.Fn OPENSSL_config
130	it doesn't need to know or care about ENGINE control operations because
131	they can be performed by editing a configuration file.
132	.Pp	131	.Pp
133	Applications should free up configuration at application closedown by	132	Applications should free up configuration at application closedown by
134	calling	133	calling
135	.Xr CONF_modules_free 3 .	134	.Xr CONF_modules_free 3 .
136	.Sh RETURN VALUES
137	Neither
138	.Fn OPENSSL_config
139	nor
140	.Fn OPENSSL_no_config
141	return a value.
142	.Sh FILES	135	.Sh FILES
143	.Bl -tag -width /etc/ssl/openssl.cnf -compact	136	.Bl -tag -width /etc/ssl/openssl.cnf -compact
144	.It Pa /etc/ssl/openssl.cnf	137	.It Pa /etc/ssl/openssl.cnf
@@ -146,7 +139,7 @@ standard configuration file
146	.El	139	.El
147	.Sh SEE ALSO	140	.Sh SEE ALSO
148	.Xr CONF_modules_free 3 ,	141	.Xr CONF_modules_free 3 ,
149	.Xr CONF_modules_load 3 ,	142	.Xr CONF_modules_load_file 3 ,
150	.Xr OPENSSL_init_crypto 3 ,	143	.Xr OPENSSL_init_crypto 3 ,
151	.Xr openssl.cnf 5	144	.Xr openssl.cnf 5
152	.Sh HISTORY	145	.Sh HISTORY
@@ -154,19 +147,3 @@ standard configuration file
154	and	147	and
155	.Fn OPENSSL_no_config	148	.Fn OPENSSL_no_config
156	first appeared in OpenSSL 0.9.7.	149	first appeared in OpenSSL 0.9.7.
157	.Sh CAVEATS
158	The
159	.Fn OPENSSL_config
160	function is designed to be a very simple "call it and forget it"
161	function.
162	As a result its behaviour is somewhat limited.
163	It ignores all errors silently and it can only load from the standard
164	configuration file location for example.
165	.Pp
166	It is however
167	.Sy much
168	better than nothing.
169	Applications which need finer control over their configuration
170	functionality should use the configuration functions such as
171	.Xr CONF_modules_load 3
172	directly.