[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Mon Jan 26 02:08:59 UTC 2015
The branch master has been updated
via abdd677125f3a9e3082f8c5692203590fdb9b860 (commit)
from 8de24b792743d11e1d5a0dcd336a49368750c577 (commit)
- Log -----------------------------------------------------------------
commit abdd677125f3a9e3082f8c5692203590fdb9b860
Author: Rich Salz <rsalz at openssl.org>
Date: Sun Jan 25 21:07:20 2015 -0500
Make OPENSSL_config truly ignore errors.
Per discussion: should not exit. Should not print to stderr.
Errors are ignored. Updated doc to reflect that, and the fact
that this function is to be avoided.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/conf/conf_sap.c | 18 ++----------------
doc/crypto/OPENSSL_config.pod | 10 ++++------
2 files changed, 6 insertions(+), 22 deletions(-)
diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
index a3e7896..544fe97 100644
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@@ -86,24 +86,10 @@ void OPENSSL_config(const char *config_name)
/* Need to load ENGINEs */
ENGINE_load_builtin_engines();
#endif
- /* Add others here? */
-
ERR_clear_error();
- if (CONF_modules_load_file(NULL, config_name,
+ CONF_modules_load_file(NULL, config_name,
CONF_MFLAGS_DEFAULT_SECTION |
- CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
- BIO *bio_err;
- ERR_load_crypto_strings();
- if ((bio_err = BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL) {
- BIO_printf(bio_err, "Auto configuration failed\n");
- ERR_print_errors(bio_err);
- BIO_free(bio_err);
- }
- fprintf(stderr, "OpenSSL could not auto-configure.\n");
- exit(1);
- }
-
- return;
+ CONF_MFLAGS_IGNORE_MISSING_FILE);
}
void OPENSSL_no_config()
diff --git a/doc/crypto/OPENSSL_config.pod b/doc/crypto/OPENSSL_config.pod
index fefe293..91d61f3 100644
--- a/doc/crypto/OPENSSL_config.pod
+++ b/doc/crypto/OPENSSL_config.pod
@@ -17,8 +17,7 @@ OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf>
configuration file name using B<config_name>. If B<config_name> is NULL then
the file specified in the environment variable B<OPENSSL_CONF> will be used,
and if that is not set then a system default location is used.
-In case of error, a message is printed to B<stderr> and the routine
-exit's.
+Errors are silently ignored.
Multiple calls have no effect.
OPENSSL_no_config() disables configuration. If called before OPENSSL_config()
@@ -37,10 +36,9 @@ The OPENSSL_config() function is designed to be a very simple "call it and
forget it" function.
It is however B<much> better than nothing. Applications which need finer
control over their configuration functionality should use the configuration
-functions such as CONF_modules_load() directly.
-
-It is B<strongly> recommended that B<all> new applications call
-CONF_modules_load() during
+functions such as CONF_modules_load() directly. This function is deprecated
+and its use should be avoided.
+Applications should instead call CONF_modules_load() during
initialization (that is before starting any threads).
There are several reasons why calling the OpenSSL configuration routines is
More information about the openssl-commits
mailing list