[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Rich Salz rsalz at openssl.org
Mon Jan 26 02:12:15 UTC 2015


The branch OpenSSL_1_0_2-stable has been updated
       via  6d09851694949a52b9075bf8c2feb54b54d27b51 (commit)
      from  63c1d16bb85566fa3cdb13df321037a22f117957 (commit)


- Log -----------------------------------------------------------------
commit 6d09851694949a52b9075bf8c2feb54b54d27b51
Author: Rich Salz <rsalz at openssl.org>
Date:   Sun Jan 25 21:12:01 2015 -0500

    Make OPENSSL_config truly ignore errors.
    
    Per discussion: should not exit. Should not print to stderr.
    Errors are ignored.  Updated doc to reflect that, and the fact
    that this function is to be avoided.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
    (cherry picked from commit abdd677125f3a9e3082f8c5692203590fdb9b860)

-----------------------------------------------------------------------

Summary of changes:
 crypto/conf/conf_sap.c        |   17 ++---------------
 doc/crypto/OPENSSL_config.pod |   42 ++++++++++++-----------------------------
 2 files changed, 14 insertions(+), 45 deletions(-)

diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
index d03de24..544fe97 100644
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@@ -86,23 +86,10 @@ void OPENSSL_config(const char *config_name)
     /* Need to load ENGINEs */
     ENGINE_load_builtin_engines();
 #endif
-    /* Add others here? */
-
     ERR_clear_error();
-    if (CONF_modules_load_file(NULL, config_name,
+    CONF_modules_load_file(NULL, config_name,
                                CONF_MFLAGS_DEFAULT_SECTION |
-                               CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
-        BIO *bio_err;
-        ERR_load_crypto_strings();
-        if ((bio_err = BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL) {
-            BIO_printf(bio_err, "Auto configuration failed\n");
-            ERR_print_errors(bio_err);
-            BIO_free(bio_err);
-        }
-        exit(1);
-    }
-
-    return;
+                               CONF_MFLAGS_IGNORE_MISSING_FILE);
 }
 
 void OPENSSL_no_config()
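Review bot: In OPENSSL_config(), ERR_clear_error() runs only before CONF_modules_load_file(), so a failed load still leaves its entries on the error queue (the removed branch printed them with ERR_print_errors()), and a later ERR_get_error() in the application can pick up a stale configuration error. If errors are meant to be ignored, clear the queue after the call as well, and cast the result to (void) so the discarded return value is visibly intentional. The two continuation lines carrying the CONF_MFLAGS_ flags also keep the indentation of the old "if (" form and should be realigned under the first argument.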
diff --git a/doc/crypto/OPENSSL_config.pod b/doc/crypto/OPENSSL_config.pod
index 888de88..2d25b26 100644
--- a/doc/crypto/OPENSSL_config.pod
+++ b/doc/crypto/OPENSSL_config.pod
@@ -15,31 +15,24 @@ OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions
 
 OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf>
 configuration file name using B<config_name>. If B<config_name> is NULL then
-the default name B<openssl_conf> will be used. Any errors are ignored. Further
-calls to OPENSSL_config() will have no effect. The configuration file format
-is documented in the L<conf(5)|conf(5)> manual page.
+the file specified in the environment variable B<OPENSSL_CONF> will be used,
+and if that is not set then a system default location is used.
+Errors are silently ignored.
+Multiple calls have no effect.
 
 OPENSSL_no_config() disables configuration. If called before OPENSSL_config()
 no configuration takes place.
 
 =head1 NOTES
 
-It is B<strongly> recommended that B<all> new applications call OPENSSL_config()
-or the more sophisticated functions such as CONF_modules_load() during
-initialization (that is before starting any threads). By doing this
-an application does not need to keep track of all configuration options
-and some new functionality can be supported automatically.
-
-It is also possible to automatically call OPENSSL_config() when an application
-calls OPENSSL_add_all_algorithms() by compiling an application with the
-preprocessor symbol B<OPENSSL_LOAD_CONF> #define'd. In this way configuration
-can be added without source changes.
-
-The environment variable B<OPENSSL_CONF> can be set to specify the location
-of the configuration file.
- 
-Currently ASN1 OBJECTs and ENGINE configuration can be performed future
-versions of OpenSSL will add new configuration options.
+The OPENSSL_config() function is designed to be a very simple "call it and
+forget it" function.
+It is however B<much> better than nothing. Applications which need finer
+control over their configuration functionality should use the configuration
+functions such as CONF_modules_load() directly. This function is deprecated
+and its use should be avoided.
+Applications should instead call CONF_modules_load() during
+initialization (that is before starting any threads).
 
 There are several reasons why calling the OpenSSL configuration routines is
 advisable. For example new ENGINE functionality was added to OpenSSL 0.9.7.
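Review bot: The rewritten DESCRIPTION sentence for a NULL config_name now describes which file is loaded, but in conf_sap.c config_name is passed as the second argument of CONF_modules_load_file() with NULL as the file, so it selects the application section name, which is what the removed text ("the default name B<openssl_conf> will be used") described. Keep the section-name default and cover the OPENSSL_CONF file lookup in a separate sentence. The pointer to conf(5) for the file format is dropped without a replacement, and in NOTES the sentence "It is however B<much> better than nothing" has lost the sentence it contrasted with and now sits directly before "This function is deprecated and its use should be avoided", which reads as contradictory.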
@@ -55,17 +48,6 @@ configuration file.
 Applications should free up configuration at application closedown by calling
 CONF_modules_free().
 
-=head1 RESTRICTIONS
-
-The OPENSSL_config() function is designed to be a very simple "call it and
-forget it" function. As a result its behaviour is somewhat limited. It ignores
-all errors silently and it can only load from the standard configuration file
-location for example.
-
-It is however B<much> better than nothing. Applications which need finer
-control over their configuration functionality should use the configuration
-functions such as CONF_load_modules() directly.
-
 =head1 RETURN VALUES
 
 Neither OPENSSL_config() nor OPENSSL_no_config() return a value.
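Review bot: With RESTRICTIONS removed, the page says errors are silently ignored and, in RETURN VALUES, that neither function returns a value, but it no longer tells the reader how to find out that configuration failed, which matters when the file carries ENGINE or other module settings the application depends on. Add a sentence stating that callers who need to detect a failed load must use the CONF_modules_load() family directly and check its result. The removed text named CONF_load_modules() while the new NOTES text uses CONF_modules_load(); that rename is a correction and is worth a line in the commit message.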

