OPENSSL_config(3) OpenSSL OPENSSL_config(3)
OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration
void OPENSSL_config(const char *config_name);
OPENSSL_config() configures OpenSSL using the standard openssl.cnf
configuration file name using config_name. If config_name is NULL then
the default name openssl_conf will be used. Any errors are ignored.
Further calls to OPENSSL_config() will have no effect. The
configuration file format is documented in the conf(5) manual page.
OPENSSL_no_config() disables configuration. If called before
OPENSSL_config() no configuration takes place.
It is strongly recommended that all new applications call
OPENSSL_config() or the more sophisticated functions such as
CONF_modules_load() during initialization (that is before starting any
threads). By doing this an application does not need to keep track of
all configuration options and some new functionality can be supported
It is also possible to automatically call OPENSSL_config() when an
application calls OPENSSL_add_all_algorithms() by compiling an
application with the preprocessor symbol OPENSSL_LOAD_CONF #define'd.
In this way configuration can be added without source changes.
The environment variable OPENSSL_CONF can be set to specify the
location of the configuration file.
Currently ASN1 OBJECTs and ENGINE configuration can be performed future
versions of OpenSSL will add new configuration options.
There are several reasons why calling the OpenSSL configuration
routines is advisable. For example new ENGINE functionality was added
to OpenSSL 0.9.7. In OpenSSL 0.9.7 control functions can be supported
by ENGINEs, this can be used (among other things) to load dynamic
ENGINEs from shared libraries (DSOs). However very few applications
currently support the control interface and so very few can load and
use dynamic ENGINEs. Equally in future more sophisticated ENGINEs will
require certain control operations to customize them. If an application
calls OPENSSL_config() it doesn't need to know or care about ENGINE
control operations because they can be performed by editing a
Applications should free up configuration at application closedown by
The OPENSSL_config() function is designed to be a very simple "call it
and forget it" function. As a result its behaviour is somewhat limited.
It ignores all errors silently and it can only load from the standard
configuration file location for example.
It is however much better than nothing. Applications which need finer
control over their configuration functionality should use the
configuration functions such as CONF_load_modules() directly.
Neither OPENSSL_config() nor OPENSSL_no_config() return a value.
conf(5), CONF_load_modules_file(3), CONF_modules_free(3)
OPENSSL_config() and OPENSSL_no_config() first appeared in OpenSSL
1.0.1i 2014-06-05 OPENSSL_config(3)