path: root/secure/lib/libcrypto/man/man5/config.5
Diffstat (limited to 'secure/lib/libcrypto/man/man5/config.5')
-rw-r--r-- secure/lib/libcrypto/man/man5/config.5 65
1 files changed, 34 insertions, 31 deletions
diff --git a/secure/lib/libcrypto/man/man5/config.5 b/secure/lib/libcrypto/man/man5/config.5
index 9815f4de5393..67c96360cc97 100644
--- a/secure/lib/libcrypto/man/man5/config.5
+++ b/secure/lib/libcrypto/man/man5/config.5
@@ -1,5 +1,5 @@
.\" -*- mode: troff; coding: utf-8 -*-
-.\" Automatically generated by Pod::Man 5.0102 (Pod::Simple 3.45)
+.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -52,10 +52,13 @@
. \}
.\}
.rr rF
+.\"
+.\" Required to disable full justification in groff 1.23.0.
+.if n .ds AD l
.\" ========================================================================
.\"
.IX Title "CONFIG 5ossl"
-.TH CONFIG 5ossl 2025-09-30 3.5.4 OpenSSL
+.TH CONFIG 5ossl 2026-04-07 3.5.6 OpenSSL
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
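Review bot: The `.TH` line moves from 3.5.4 to 3.5.6 in the same change that switches the generator to Pod::Man v6.0.2 and adds the `.if n .ds AD l` workaround, so a real wording change from the version bump would be hard to spot among the generator churn. It would help to say in the commit message whether the remaining hunks are escaping-only, since every visible one is.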
@@ -80,7 +83,7 @@ The syntax for defining ASN.1 values is described in
A configuration file is a series of lines. Blank lines, and whitespace
between the elements of a line, have no significance. A comment starts
with a \fB#\fR character; the rest of the line is ignored. If the \fB#\fR
-is the first non-space character in a line, the entire line is ignored.
+is the first non\-space character in a line, the entire line is ignored.
.SS Directives
.IX Subsection "Directives"
Two directives can be used to control the parsing of configuration files:
@@ -100,7 +103,7 @@ If \fBpathname\fR is a simple filename, that file is included directly at
that point. Included files can have \fB.include\fR statements that specify
other files. If \fBpathname\fR is a directory, all files within that directory
that have a \f(CW\*(C`.cnf\*(C'\fR or \f(CW\*(C`.conf\*(C'\fR extension will be included. (This is only
-available on systems with POSIX IO support.) Any sub-directories found
+available on systems with POSIX IO support.) Any sub\-directories found
inside the \fBpathname\fR are \fBignored\fR. Similarly, if a file is opened
while scanning a directory, and that file has an \fB.include\fR directive
that specifies a directory, that is also ignored.
@@ -135,7 +138,7 @@ done with the following directive:
The default behavior, where the \fBvalue\fR is \fBfalse\fR or \fBoff\fR, is to treat
the dollarsign as indicating a variable name; \f(CW\*(C`foo$bar\*(C'\fR is interpreted as
\&\f(CW\*(C`foo\*(C'\fR followed by the expansion of the variable \f(CW\*(C`bar\*(C'\fR. If \fBvalue\fR is
-\&\fBtrue\fR or \fBon\fR, then \f(CW\*(C`foo$bar\*(C'\fR is a single seven-character name and
+\&\fBtrue\fR or \fBon\fR, then \f(CW\*(C`foo$bar\*(C'\fR is a single seven\-character name and
variable expansions must be specified using braces or parentheses.
.PP
.Vb 1
@@ -143,7 +146,7 @@ variable expansions must be specified using braces or parentheses.
.Ve
.PP
If a relative pathname is specified in the \fB.include\fR directive, and
-the \fBOPENSSL_CONF_INCLUDE\fR environment variable doesn't exist, then
+the \fBOPENSSL_CONF_INCLUDE\fR environment variable doesn\*(Aqt exist, then
the value of the \fBincludedir\fR pragma, if it exists, is prepended to the
pathname.
.SS Settings
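Review bot: The replacement `doesn\*(Aqt` depends on a string named `Aq` being defined in the preamble, and no preamble hunk in this diff shows that definition. Please confirm the regenerated preamble still defines it. An undefined string interpolates as nothing in groff, which would render this as "doesnt" and the later occurrences (the quote character in the escaping paragraph, "OID's", "isn't", "can't") the same way.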
@@ -211,7 +214,7 @@ to the configuration file, but are not propagated to the environment.
.PP
It is an error if the value ends up longer than 64k.
.PP
-It is possible to escape certain characters by using a single \fB'\fR or
+It is possible to escape certain characters by using a single \fB\*(Aq\fR or
double \fB"\fR quote around the value, or using a backslash \fB\e\fR before the
character,
By making the last character of a line a \fB\e\fR
@@ -281,10 +284,10 @@ is used to specify the individual sections.
.SS "ASN.1 Object Identifier Configuration"
.IX Subsection "ASN.1 Object Identifier Configuration"
The name \fBoid_section\fR in the initialization section names the section
-containing name/value pairs of OID's.
+containing name/value pairs of OID\*(Aqs.
The name is the short name; the value is an optional long name followed
by a comma, and the numeric value.
-While some OpenSSL commands have their own section for specifying OID's,
+While some OpenSSL commands have their own section for specifying OID\*(Aqs,
this section makes them available to all commands and applications.
.PP
.Vb 4
@@ -313,7 +316,7 @@ showing that the OID "newoid1" has been added as "1.2.3.4.1".
The name \fBproviders\fR in the initialization section names the section
containing cryptographic provider configuration. The name/value assignments
in this section each name a provider, and point to the configuration section
-for that provider. The provider-specific section is used to specify how
+for that provider. The provider\-specific section is used to specify how
to load the module, activate it, and set other parameters.
.PP
Within a provider section, the following names have meaning:
@@ -348,7 +351,7 @@ activate this setting, while a value of 0, no, false, or off (again in lower or
uppercase) will disable this setting. Any other value will produce an error.
Note this setting defaults to off if not provided
.PP
-All parameters in the section as well as sub-sections are made
+All parameters in the section as well as sub\-sections are made
available to the provider.
.PP
\fIDefault provider and its activation\fR
@@ -403,7 +406,7 @@ section with the configuration for that name. For example:
.PP
The configuration name \fBsystem_default\fR has a special meaning. If it
exists, it is applied whenever an \fBSSL_CTX\fR object is created. For example,
-to impose system-wide minimum TLS and DTLS protocol versions:
+to impose system\-wide minimum TLS and DTLS protocol versions:
.PP
.Vb 3
\& [tls_system_default]
@@ -411,8 +414,8 @@ to impose system-wide minimum TLS and DTLS protocol versions:
\& MinProtocol = DTLSv1.2
.Ve
.PP
-The minimum TLS protocol is applied to \fBSSL_CTX\fR objects that are TLS-based,
-and the minimum DTLS protocol to those are DTLS-based.
+The minimum TLS protocol is applied to \fBSSL_CTX\fR objects that are TLS\-based,
+and the minimum DTLS protocol to those are DTLS\-based.
The same applies also to maximum versions set with \fBMaxProtocol\fR.
.PP
Each configuration section consists of name/value pairs that are parsed
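Review bot: The sentence "and the minimum DTLS protocol to those are DTLS\-based" is missing a word ("those that are") and the regeneration carries it through unchanged apart from the hyphen escape. Since this file is generated, the fix belongs in the POD source rather than here, but it is worth reporting because this paragraph is what administrators read when setting a system-wide `MinProtocol`.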
@@ -433,7 +436,7 @@ The name \fBengines\fR in the initialization section names the section
containing the list of ENGINE configurations.
As with the providers, each name in this section identifies an engine
with the configuration for that engine.
-The engine-specific section is used to specify how to load the engine,
+The engine\-specific section is used to specify how to load the engine,
activate it, and set other parameters.
.PP
Within an engine section, the following names have meaning:
@@ -503,25 +506,25 @@ For example:
.Sp
The available random bit generators are:
.RS 4
-.IP \fBCTR-DRBG\fR 4
+.IP \fBCTR\-DRBG\fR 4
.IX Item "CTR-DRBG"
.PD 0
-.IP \fBHASH-DRBG\fR 4
+.IP \fBHASH\-DRBG\fR 4
.IX Item "HASH-DRBG"
-.IP \fBHMAC-DRBG\fR 4
+.IP \fBHMAC\-DRBG\fR 4
.IX Item "HMAC-DRBG"
+.PD
.RE
.RS 4
.RE
.IP \fBcipher\fR 4
.IX Item "cipher"
-.PD
-This specifies what cipher a \fBCTR-DRBG\fR random bit generator will use.
+This specifies what cipher a \fBCTR\-DRBG\fR random bit generator will use.
Other random bit generators ignore this name.
The default value is \fBAES\-256\-CTR\fR.
.IP \fBdigest\fR 4
.IX Item "digest"
-This specifies what digest the \fBHASH-DRBG\fR or \fBHMAC-DRBG\fR random bit
+This specifies what digest the \fBHASH\-DRBG\fR or \fBHMAC\-DRBG\fR random bit
generators will use. Other random bit generators ignore this name.
.IP \fBproperties\fR 4
.IX Item "properties"
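Review bot: Moving `.PD` from after `.IX Item "cipher"` to just before `.RE` is the one change in this hunk that affects layout rather than escaping: the zero inter-paragraph distance set by `.PD 0` now ends with the DRBG list instead of leaking into the `cipher` item. Please check the rendered page around that list. The empty `.RS 4` / `.RE` pair that follows is still emitted, and the `.IX Item` lines keep the unescaped "CTR-DRBG" spelling while the `.IP` tags now use `\-`.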
@@ -529,7 +532,7 @@ This sets the property query used when fetching the random bit generator and
any underlying algorithms.
.IP \fBseed\fR 4
.IX Item "seed"
-This sets the randomness source that should be used. By default \fBSEED-SRC\fR
+This sets the randomness source that should be used. By default \fBSEED\-SRC\fR
will be used outside of the FIPS provider. The FIPS provider uses call backs
to access the same randomness sources from outside the validated boundary.
.IP \fBseed_properties\fR 4
@@ -537,9 +540,9 @@ to access the same randomness sources from outside the validated boundary.
This sets the property query used when fetching the randomness source.
.IP \fBrandom_provider\fR 4
.IX Item "random_provider"
-This sets the provider to use for the \fBRAND_bytes\fR\|(3) calls instead of the built-in
+This sets the provider to use for the \fBRAND_bytes\fR\|(3) calls instead of the built\-in
entropy sources. It defaults to "fips". If the named provider is not loaded, the
-built-in entropy sources will be used.
+built\-in entropy sources will be used.
.SH EXAMPLES
.IX Header "EXAMPLES"
This example shows how to use quoting and escaping.
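Review bot: The `random_provider` text, touched here only for hyphen escaping, says that if the named provider is not loaded "the built\-in entropy sources will be used", and gives no indication of how that fallback is reported. With the default being "fips", that is a silent change of randomness source on a misconfigured system, so it would be worth asking upstream to document whether the fallback is reported anywhere.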
@@ -596,15 +599,15 @@ This example shows how to enforce FIPS mode for the application
.IP \fBOPENSSL_CONF\fR 4
.IX Item "OPENSSL_CONF"
The path to the config file, or the empty string for none.
-Ignored in set-user-ID and set-group-ID programs.
+Ignored in set\-user\-ID and set\-group\-ID programs.
.IP \fBOPENSSL_ENGINES\fR 4
.IX Item "OPENSSL_ENGINES"
The path to the engines directory.
-Ignored in set-user-ID and set-group-ID programs.
+Ignored in set\-user\-ID and set\-group\-ID programs.
.IP \fBOPENSSL_MODULES\fR 4
.IX Item "OPENSSL_MODULES"
The path to the directory with OpenSSL modules, such as providers.
-Ignored in set-user-ID and set-group-ID programs.
+Ignored in set\-user\-ID and set\-group\-ID programs.
.IP \fBOPENSSL_CONF_INCLUDE\fR 4
.IX Item "OPENSSL_CONF_INCLUDE"
The optional path to prepend to all \fB.include\fR paths.
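Review bot: `OPENSSL_CONF`, `OPENSSL_ENGINES` and `OPENSSL_MODULES` each carry "Ignored in set\-user\-ID and set\-group\-ID programs", but the `OPENSSL_CONF_INCLUDE` entry at the end of this hunk has no such sentence. That variable is prepended to `.include` paths, so the page should say explicitly whether it is honoured in set-user-ID programs. This is a gap in the source documentation rather than in the regeneration.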
@@ -613,8 +616,8 @@ The optional path to prepend to all \fB.include\fR paths.
There is no way to include characters using the octal \fB\ennn\fR form. Strings
are all null terminated so nulls cannot form part of the value.
.PP
-The escaping isn't quite right: if you want to use sequences like \fB\en\fR
-you can't use any quote escaping on the same line.
+The escaping isn\*(Aqt quite right: if you want to use sequences like \fB\en\fR
+you can\*(Aqt use any quote escaping on the same line.
.PP
The limit that only one directory can be opened and read at a time
can be considered a bug and should be fixed.
@@ -624,8 +627,8 @@ An undocumented API, \fBNCONF_WIN32()\fR, used a slightly different set
of parsing rules there were intended to be tailored to
the Microsoft Windows platform.
Specifically, the backslash character was not an escape character and
-could be used in pathnames, only the double-quote character was recognized,
-and comments began with a semi-colon.
+could be used in pathnames, only the double\-quote character was recognized,
+and comments began with a semi\-colon.
This function was deprecated in OpenSSL 3.0; applications with
configuration files using that syntax will have to be modified.
.SH "SEE ALSO"
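Review bot: The context line "of parsing rules there were intended to be tailored to" reads as a typo for "that were intended", and it survives the regeneration. As with the other wording issues, the correction has to go into the POD source, not this generated file.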