The meaning of the value is module specific: it may, for example, represent a further configuration section containing configuration module specific information.
The name represents the name of the configuration module.
The configuration section should consist of a set of name value pairs which contain specific module configuration information. All library configuration lines appear in the default section at the start of the configuration file. Other applications may use an alternative name such as myapplication_conf. The default name is openssl_conf which is used by the openssl utility. To enable library configuration the default section needs to contain an appropriate line which points to the main configuration section. The openssl utility includes this functionality: any sub command uses the master OpenSSL configuration file unless an option is used in the sub command to use an alternative configuration file. Openssl Library ConfigurationĪpplications can automatically configure certain aspects of OpenSSL using the master OpenSSL configuration file, or optionally an alternative configuration file. In addition the sequences \n, \r, \b and \t are recognized.Īll expansion and escape rules as described above that apply to value also apply to the path of the. By making the last character of a line a \ a value string can be spread across multiple lines. It is possible to escape certain characters by using any kind of quote or the \ character. The value string must not exceed 64k in length after variable expansion. It is also possible to assign values to environment variables by using the name ENV::name, this will work if the program looks up environment variables using the CONF library instead of calling getenv() directly. By using the form $ENV::name environment variables can be substituted. This can be done by including the form $var or $. The value string undergoes variable expansion. The value string consists of the string following the = character until end of line with any leading and trailing white space removed. The name string can contain any alphanumeric characters as well as a few punctuation symbols such as. They would bail out with error if the = character is not present but with it they just ignore the include.Įach section in a configuration file consists of a number of name and value pairs of the form name=value include directive and the path which can be useful in cases the configuration file needs to be loaded by old OpenSSL versions which do not support the. There can be optional = character and whitespace characters between. include directive is application specific the inclusion will not work as expected. Relative paths are evaluated based on the application current working directory so unless the configuration file containing the. It is strongly recommended to use absolute paths with the. The inclusion of directories is not supported on systems without POSIX IO support. include directives but only inclusion of regular files is supported there. That means the files in the included directory can also contain. Recursive inclusion of directories from files in such directory is not supported. If the path points to a directory all files with names ending with. The environment is mapped onto a section called ENV.Ĭomments can be included by preceding them with the # character When a name is being looked up it is first looked up in a named section (if any) and then the default section. This section is usually unnamed and spans from the start of file until the first named section. The first section of a configuration file is special and is referred to as the default section. A section name can consist of alphanumeric characters and underscores. Each section starts with a line and ends when a new section is started or end of file is reached. OpenSSL applications can also use the CONF library for their own purposes.Ī configuration file is divided into a number of sections. It is used for the OpenSSL master configuration file openssl.cnf and in a few other places like SPKAC files and certificate extension files for the x509 utility. The OpenSSL CONF library can be used to read configuration files. Config - OpenSSL CONF library configuration files Description