[thirdparty/openssl.git] / doc / man3 / SSL_CTX_config.pod

=pod

=head1 NAME

SSL_CTX_config, SSL_config - configure SSL_CTX or SSL structure

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 int SSL_CTX_config(SSL_CTX *ctx, const char *name);
 int SSL_config(SSL *s, const char *name);

=head1 DESCRIPTION

The functions SSL_CTX_config() and SSL_config() configure an B<SSL_CTX> or
B<SSL> structure using the configuration B<name>.

=head1 NOTES

By calling SSL_CTX_config() or SSL_config() an application can perform many
complex tasks based on the contents of the configuration file: greatly
simplifying application configuration code. A degree of future proofing
can also be achieved: an application can support configuration features
in newer versions of OpenSSL automatically.

A configuration file must have been previously loaded, for example using
CONF_modules_load_file(). See L<config(5)> for details of the configuration
file syntax.

=head1 RETURN VALUES

SSL_CTX_config() and SSL_config() return 1 for success or 0 if an error
occurred.

=head1 EXAMPLES

If the file "config.cnf" contains the following:

 testapp = test_sect

 [test_sect]
 # list of configuration modules

 ssl_conf = ssl_sect

 [ssl_sect]
 server = server_section

 [server_section]
 RSA.Certificate = server-rsa.pem
 ECDSA.Certificate = server-ecdsa.pem
 Ciphers = ALL:!RC4

An application could call:

 if (CONF_modules_load_file("config.cnf", "testapp", 0) <= 0) {
     fprintf(stderr, "Error processing config file\n");
     goto err;
 }

 ctx = SSL_CTX_new(TLS_server_method());

 if (SSL_CTX_config(ctx, "server") == 0) {
     fprintf(stderr, "Error configuring server.\n");
     goto err;
 }

In this example two certificates and the cipher list are configured without
the need for any additional application code.

=head1 SEE ALSO

L<ssl(7)>,
L<config(5)>,
L<SSL_CONF_cmd(3)>,
L<CONF_modules_load_file(3)>

=head1 HISTORY

The SSL_CTX_config() and SSL_config() functions were added in OpenSSL 1.1.0.

=head1 COPYRIGHT

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
913592d2 DSH	1	=pod
	2
	3	=head1 NAME
	4
bb9ad09e	5	SSL_CTX_config, SSL_config - configure SSL_CTX or SSL structure
913592d2 DSH	6
	7	=head1 SYNOPSIS
	8
	9	#include <openssl/ssl.h>
	10
	11	int SSL_CTX_config(SSL_CTX ctx, const char name);
	12	int SSL_config(SSL s, const char name);
	13
	14	=head1 DESCRIPTION
	15
	16	The functions SSL_CTX_config() and SSL_config() configure an B<SSL_CTX> or
	17	B<SSL> structure using the configuration B<name>.
	18
	19	=head1 NOTES
	20
	21	By calling SSL_CTX_config() or SSL_config() an application can perform many
	22	complex tasks based on the contents of the configuration file: greatly
	23	simplifying application configuration code. A degree of future proofing
	24	can also be achieved: an application can support configuration features
	25	in newer versions of OpenSSL automatically.
	26
	27	A configuration file must have been previously loaded, for example using
b97fdb57	28	CONF_modules_load_file(). See L<config(5)> for details of the configuration
913592d2 DSH	29	file syntax.
	30
	31	=head1 RETURN VALUES
	32
	33	SSL_CTX_config() and SSL_config() return 1 for success or 0 if an error
	34	occurred.
	35
cda77422	36	=head1 EXAMPLES
913592d2 DSH	37
	38	If the file "config.cnf" contains the following:
	39
	40	testapp = test_sect
	41
	42	[test_sect]
27b138e9 JS	43	# list of configuration modules
27b138e9 JS	44
913592d2 DSH	45	ssl_conf = ssl_sect
	46
	47	[ssl_sect]
913592d2 DSH	48	server = server_section
	49
	50	[server_section]
913592d2 DSH	51	RSA.Certificate = server-rsa.pem
	52	ECDSA.Certificate = server-ecdsa.pem
	53	Ciphers = ALL:!RC4
	54
	55	An application could call:
	56
	57	if (CONF_modules_load_file("config.cnf", "testapp", 0) <= 0) {
2947af32 BB	58	fprintf(stderr, "Error processing config file\n");
2947af32 BB	59	goto err;
913592d2 DSH	60	}
	61
	62	ctx = SSL_CTX_new(TLS_server_method());
	63
	64	if (SSL_CTX_config(ctx, "server") == 0) {
	65	fprintf(stderr, "Error configuring server.\n");
	66	goto err;
	67	}
	68
	69	In this example two certificates and the cipher list are configured without
	70	the need for any additional application code.
	71
	72	=head1 SEE ALSO
	73
98ca37e4	74	L<ssl(7)>,
b97fdb57	75	L<config(5)>,
913592d2 DSH	76	L<SSL_CONF_cmd(3)>,
	77	L<CONF_modules_load_file(3)>
	78
	79	=head1 HISTORY
	80
fc5ecadd	81	The SSL_CTX_config() and SSL_config() functions were added in OpenSSL 1.1.0.
913592d2	82
e2f92610 RS	83	=head1 COPYRIGHT
	84
	85	Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
	86
4746f25a	87	Licensed under the Apache License 2.0 (the "License"). You may not use
e2f92610 RS	88	this file except in compliance with the License. You can obtain a copy
	89	in the file LICENSE in the source distribution or at
	90	L<https://www.openssl.org/source/license.html>.
	91
	92	=cut