-.\" $OpenBSD: openssl.cnf.5,v 1.9 2023/10/21 14:05:49 tb Exp $
+.\" $OpenBSD: openssl.cnf.5,v 1.10 2023/11/19 10:23:53 tb Exp $
.\" full merge up to: OpenSSL man5/config b53338cb Feb 28 12:30:28 2017 +0100
.\" selective merge up to: OpenSSL a8c5ed81 Jul 18 13:57:25 2017 -0400
.\"
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: October 21 2023 $
+.Dd $Mdocdate: November 19 2023 $
.Dt OPENSSL.CNF 5
.Os
.Sh NAME
[openssl_init]
oid_section = new_oids
-engines = engine_section
[new_oids]
\&... new oids here ...
-
-[engine_section]
-\&... engine stuff here ...
.Ed
.Pp
The features of each configuration module are described below.
For example:
.Pp
.Dl shortName = some object long name, 1.2.3.4
-.Ss Engine Configuration Module
-This ENGINE configuration module has the name
-.Ic engines .
-The value of this variable points to a section containing further ENGINE
-configuration information.
-.Pp
-The section pointed to by
-.Ic engines
-is a table of engine names (though see
-.Ic engine_id
-below) and further sections containing configuration information
-specific to each ENGINE.
-.Pp
-Each ENGINE specific section is used to set default algorithms, load
-dynamic ENGINEs, perform initialization and send ctrls.
-The actual operation performed depends on the command
-name which is the name of the name value pair.
-The currently supported commands are listed below.
-.Pp
-For example:
-.Bd -literal -offset indent
-[engine_section]
-# Configure ENGINE named "foo"
-foo = foo_section
-# Configure ENGINE named "bar"
-bar = bar_section
-
-[foo_section]
-\&... foo ENGINE specific commands ...
-
-[bar_section]
-\&... "bar" ENGINE specific commands ...
-.Ed
-.Pp
-The command
-.Ic engine_id
-is used to give the ENGINE name.
-If used, this command must be first.
-For example:
-.Bd -literal -offset indent
-[engine_section]
-# This would normally handle an ENGINE named "foo"
-foo = foo_section
-
-[foo_section]
-# Override default name and use "myfoo" instead.
-engine_id = myfoo
-.Ed
-.Pp
-The command
-.Ic dynamic_path
-loads and adds an ENGINE from the given path.
-It is equivalent to sending the ctrls
-.Sy SO_PATH
-with the path argument followed by
-.Sy LIST_ADD
-with value 2 and
-.Sy LOAD
-to the dynamic ENGINE.
-If this is not the required behaviour then alternative ctrls can be sent
-directly to the dynamic ENGINE using ctrl commands.
-.Pp
-The command
-.Ic init
-determines whether to initialize the ENGINE.
-If the value is 0, the ENGINE will not be initialized.
-If it is 1, an attempt is made to initialized the ENGINE immediately.
-If the
-.Ic init
-command is not present, then an attempt will be made to initialize
-the ENGINE after all commands in its section have been processed.
-.Pp
-The command
-.Ic default_algorithms
-sets the default algorithms an ENGINE will supply using the functions
-.Xr ENGINE_set_default_string 3 .
-.Pp
-If the name matches none of the above command names, it is assumed
-to be a ctrl command which is sent to the ENGINE.
-The value of the command is the argument to the ctrl command.
-If the value is the string
-.Cm EMPTY ,
-then no value is sent to the command.
-.Pp
-For example:
-.Bd -literal -offset indent
-[engine_section]
-# Configure ENGINE named "foo"
-foo = foo_section
-
-[foo_section]
-# Load engine from DSO
-dynamic_path = /some/path/fooengine.so
-# A foo specific ctrl.
-some_ctrl = some_value
-# Another ctrl that doesn't take a value.
-other_ctrl = EMPTY
-# Supply all default algorithms
-default_algorithms = ALL
-.Ed
.Sh FILES
.Bl -tag -width /etc/ssl/openssl.cnf -compact
.It Pa /etc/ssl/openssl.cnf
projects / openbsd / commitdiff