]>
Commit | Line | Data |
---|---|---|
22bb8c25 RS |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | openssl-env - OpenSSL environment variables | |
6 | ||
7 | =head1 DESCRIPTION | |
8 | ||
9 | The OpenSSL libraries use environment variables to override the | |
10 | compiled-in default paths for various data. | |
11 | To avoid security risks, the environment is usually not consulted when | |
12 | the executable is set-user-ID or set-group-ID. | |
13 | ||
14 | =over 4 | |
15 | ||
16 | =item B<CTLOG_FILE> | |
17 | ||
18 | Specifies the path to a certificate transparency log list. | |
19 | See L<CTLOG_STORE_new(3)>. | |
20 | ||
21 | =item B<OPENSSL> | |
22 | ||
a8055c70 RS |
23 | Specifies the path to the B<openssl> executable. Used by |
24 | the B<rehash> script (see L<openssl-rehash(1)/Script Configuration>) | |
25 | and by the B<CA.pl> script (see L<CA.pl(1)/NOTES> | |
22bb8c25 | 26 | |
a8055c70 | 27 | =item B<OPENSSL_CONF>, B<OPENSSL_CONF_INCLUDE> |
22bb8c25 | 28 | |
a8055c70 RS |
29 | Specifies the path to a configuration file and the directory for |
30 | included files. | |
15795943 | 31 | See L<config(5)>. |
22bb8c25 | 32 | |
a8055c70 RS |
33 | =item B<OPENSSL_CONFIG> |
34 | ||
35 | Specifies a configuration option and filename for the B<req> and B<ca> | |
36 | commands invoked by the B<CA.pl> script. | |
37 | See L<CA.pl(1)>. | |
38 | ||
22bb8c25 RS |
39 | =item B<OPENSSL_ENGINES> |
40 | ||
41 | Specifies the directory from which dynamic engines are loaded. | |
42 | See L<openssl-engine(1)>. | |
43 | ||
44 | =item B<OPENSSL_MALLOC_FD>, B<OPENSSL_MALLOC_FAILURES> | |
45 | ||
46 | If built with debugging, this allows memory allocation to fail. | |
fadb57e5 | 47 | See L<OPENSSL_malloc(3)>. |
22bb8c25 RS |
48 | |
49 | =item B<OPENSSL_MODULES> | |
50 | ||
51 | Specifies the directory from which cryptographic providers are loaded. | |
16b8862d | 52 | Equivalently, the generic B<-provider-path> command-line option may be used. |
22bb8c25 RS |
53 | |
54 | =item B<OPENSSL_WIN32_UTF8> | |
55 | ||
56 | If set, then L<UI_OpenSSL(3)> returns UTF-8 encoded strings, rather than | |
57 | ones encoded in the current code page, and | |
58 | the L<openssl(1)> program also transcodes the command-line parameters | |
59 | from the current code page to UTF-8. | |
60 | This environment variable is only checked on Microsoft Windows platforms. | |
61 | ||
62 | =item B<RANDFILE> | |
63 | ||
64 | The state file for the random number generator. | |
65 | This should not be needed in normal use. | |
66 | See L<RAND_load_file(3)>. | |
67 | ||
68 | =item B<SSL_CERT_DIR>, B<SSL_CERT_FILE> | |
69 | ||
70 | Specify the default directory or file containing CA certificates. | |
71 | See L<SSL_CTX_load_verify_locations(3)>. | |
72 | ||
73 | =item B<TSGET> | |
74 | ||
75 | Additional arguments for the L<tsget(1)> command. | |
76 | ||
360f6dcc | 77 | =item B<OPENSSL_ia32cap>, B<OPENSSL_sparcv9cap>, B<OPENSSL_ppccap>, B<OPENSSL_armcap>, B<OPENSSL_s390xcap>, B<OPENSSL_riscvcap> |
7f649627 P |
78 | |
79 | OpenSSL supports a number of different algorithm implementations for | |
80 | various machines and, by default, it determines which to use based on the | |
81 | processor capabilities and run time feature enquiry. These environment | |
82 | variables can be used to exert more control over this selection process. | |
d3184110 | 83 | See L<OPENSSL_ia32cap(3)>, L<OPENSSL_s390xcap(3)> and L<OPENSSL_riscvcap(3)>. |
7f649627 P |
84 | |
85 | =item B<NO_PROXY>, B<HTTPS_PROXY>, B<HTTP_PROXY> | |
86 | ||
87 | Specify a proxy hostname. | |
88 | See L<OSSL_HTTP_parse_url(3)>. | |
89 | ||
82973bcf HL |
90 | =item B<QLOGDIR> |
91 | ||
de60b122 | 92 | Specifies a QUIC qlog output directory. See L<openssl-qlog(7)>. |
82973bcf HL |
93 | |
94 | =item B<OSSL_QFILTER> | |
95 | ||
de60b122 | 96 | Used to set a QUIC qlog filter specification. See L<openssl-qlog(7)>. |
82973bcf | 97 | |
22bb8c25 RS |
98 | =back |
99 | ||
100 | =head1 COPYRIGHT | |
101 | ||
b6461792 | 102 | Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. |
22bb8c25 RS |
103 | |
104 | Licensed under the Apache License 2.0 (the "License"). You may not use | |
105 | this file except in compliance with the License. You can obtain a copy | |
106 | in the file LICENSE in the source distribution or at | |
107 | L<https://www.openssl.org/source/license.html>. | |
108 | ||
109 | =cut |