path: root/secure/lib/libcrypto/man/man7/openssl-env.7
Diffstat (limited to 'secure/lib/libcrypto/man/man7/openssl-env.7')
-rw-r--r-- secure/lib/libcrypto/man/man7/openssl-env.7 240
1 files changed, 240 insertions, 0 deletions
diff --git a/secure/lib/libcrypto/man/man7/openssl-env.7 b/secure/lib/libcrypto/man/man7/openssl-env.7
new file mode 100644
index 000000000000..6a4f1ae42520
--- /dev/null
+++ b/secure/lib/libcrypto/man/man7/openssl-env.7
@@ -0,0 +1,240 @@
+.\" -*- mode: troff; coding: utf-8 -*-
+.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
+.ie n \{\
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\"
+.\" Required to disable full justification in groff 1.23.0.
+.if n .ds AD l
+.\" ========================================================================
+.\"
+.IX Title "OPENSSL-ENV 7ossl"
+.TH OPENSSL-ENV 7ossl 2026-04-07 3.5.6 OpenSSL
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH NAME
+openssl\-env \- OpenSSL environment variables
+.SH DESCRIPTION
+.IX Header "DESCRIPTION"
+The OpenSSL libraries use environment variables to override the
+compiled\-in default paths for various data.
+To avoid security risks, the environment is usually not consulted when
+the executable is set\-user\-ID or set\-group\-ID.
+.IP \fBCTLOG_FILE\fR 4
+.IX Item "CTLOG_FILE"
+Specifies the path to a certificate transparency log list.
+See \fBCTLOG_STORE_new\fR\|(3).
+.IP \fBOPENSSL\fR 4
+.IX Item "OPENSSL"
+Specifies the path to the \fBopenssl\fR executable. Used by
+the \fBrehash\fR script (see "Script Configuration" in \fBopenssl\-rehash\fR\|(1))
+and by the \fBCA.pl\fR script (see "NOTES" in \fBCA.pl\fR\|(1)
+.IP "\fBOPENSSL_CONF\fR, \fBOPENSSL_CONF_INCLUDE\fR" 4
+.IX Item "OPENSSL_CONF, OPENSSL_CONF_INCLUDE"
+Specifies the path to a configuration file and the directory for
+included files.
+See \fBconfig\fR\|(5).
+.IP \fBOPENSSL_CONFIG\fR 4
+.IX Item "OPENSSL_CONFIG"
+Specifies a configuration option and filename for the \fBreq\fR and \fBca\fR
+commands invoked by the \fBCA.pl\fR script.
+See \fBCA.pl\fR\|(1).
+.IP \fBOPENSSL_ENGINES\fR 4
+.IX Item "OPENSSL_ENGINES"
+Specifies the directory from which dynamic engines are loaded.
+See \fBopenssl\-engine\fR\|(1).
+.IP "\fBOPENSSL_MALLOC_FD\fR, \fBOPENSSL_MALLOC_FAILURES\fR" 4
+.IX Item "OPENSSL_MALLOC_FD, OPENSSL_MALLOC_FAILURES"
+If built with debugging, this allows memory allocation to fail.
+See \fBOPENSSL_malloc\fR\|(3).
+.IP \fBOPENSSL_MODULES\fR 4
+.IX Item "OPENSSL_MODULES"
+Specifies the directory from which cryptographic providers are loaded.
+Equivalently, the generic \fB\-provider\-path\fR command\-line option may be used.
+.IP \fBOPENSSL_TRACE\fR 4
+.IX Item "OPENSSL_TRACE"
+By default the OpenSSL trace feature is disabled statically.
+To enable it, OpenSSL must be built with tracing support,
+which may be configured like this: \f(CW\*(C`./config enable\-trace\*(C'\fR
+.Sp
+Unless OpenSSL tracing support is generally disabled,
+enable trace output of specific parts of OpenSSL libraries, by name.
+This output usually makes sense only if you know OpenSSL internals well.
+.Sp
+The value of this environment variable is a comma\-separated list of names,
+with the following available:
+.IP \fBOPENSSL_RUNNING_UNIT_TESTS\fR 4
+.IX Item "OPENSSL_RUNNING_UNIT_TESTS"
+This environment variable is used to flag the fact that unit tests are being run
+(i.e. \`make test\`). It is used to detect when the OpenSSL should behave in a special
+manner during unit tests (i.e. when unit tests are being run on fuzzing builds). It should
+generally not be set by users.
+.RS 4
+.IP \fBTRACE\fR 4
+.IX Item "TRACE"
+Traces the OpenSSL trace API itself.
+.IP \fBINIT\fR 4
+.IX Item "INIT"
+Traces OpenSSL library initialization and cleanup.
+.IP \fBTLS\fR 4
+.IX Item "TLS"
+Traces the TLS/SSL protocol.
+.IP \fBTLS_CIPHER\fR 4
+.IX Item "TLS_CIPHER"
+Traces the ciphers used by the TLS/SSL protocol.
+.IP \fBCONF\fR 4
+.IX Item "CONF"
+Show details about provider and engine configuration.
+.IP \fBENGINE_TABLE\fR 4
+.IX Item "ENGINE_TABLE"
+The function that is used by RSA, DSA (etc) code to select registered
+ENGINEs, cache defaults and functional references (etc), will generate
+debugging summaries.
+.IP \fBENGINE_REF_COUNT\fR 4
+.IX Item "ENGINE_REF_COUNT"
+Reference counts in the ENGINE structure will be monitored with a line
+of generated for each change.
+.IP \fBPKCS5V2\fR 4
+.IX Item "PKCS5V2"
+Traces PKCS#5 v2 key generation.
+.IP \fBPKCS12_KEYGEN\fR 4
+.IX Item "PKCS12_KEYGEN"
+Traces PKCS#12 key generation.
+.IP \fBPKCS12_DECRYPT\fR 4
+.IX Item "PKCS12_DECRYPT"
+Traces PKCS#12 decryption.
+.IP \fBX509V3_POLICY\fR 4
+.IX Item "X509V3_POLICY"
+Generates the complete policy tree at various points during X.509 v3
+policy evaluation.
+.IP \fBBN_CTX\fR 4
+.IX Item "BN_CTX"
+Traces BIGNUM context operations.
+.IP \fBCMP\fR 4
+.IX Item "CMP"
+Traces CMP client and server activity.
+.IP \fBSTORE\fR 4
+.IX Item "STORE"
+Traces STORE operations.
+.IP \fBDECODER\fR 4
+.IX Item "DECODER"
+Traces decoder operations.
+.IP \fBENCODER\fR 4
+.IX Item "ENCODER"
+Traces encoder operations.
+.IP \fBREF_COUNT\fR 4
+.IX Item "REF_COUNT"
+Traces decrementing certain ASN.1 structure references.
+.IP \fBHTTP\fR 4
+.IX Item "HTTP"
+Traces the HTTP client and server, such as messages being sent and received.
+.RE
+.RS 4
+.RE
+.IP \fBOPENSSL_WIN32_UTF8\fR 4
+.IX Item "OPENSSL_WIN32_UTF8"
+If set, then \fBUI_OpenSSL\fR\|(3) returns UTF\-8 encoded strings, rather than
+ones encoded in the current code page, and
+the \fBopenssl\fR\|(1) program also transcodes the command\-line parameters
+from the current code page to UTF\-8.
+This environment variable is only checked on Microsoft Windows platforms.
+.IP \fBRANDFILE\fR 4
+.IX Item "RANDFILE"
+The state file for the random number generator.
+This should not be needed in normal use.
+See \fBRAND_load_file\fR\|(3).
+.IP "\fBSSL_CERT_DIR\fR, \fBSSL_CERT_FILE\fR" 4
+.IX Item "SSL_CERT_DIR, SSL_CERT_FILE"
+Specify the default directory or file containing CA certificates.
+See \fBSSL_CTX_load_verify_locations\fR\|(3).
+.IP \fBTSGET\fR 4
+.IX Item "TSGET"
+Additional arguments for the \fBtsget\fR\|(1) command.
+.IP "\fBOPENSSL_ia32cap\fR, \fBOPENSSL_sparcv9cap\fR, \fBOPENSSL_ppccap\fR, \fBOPENSSL_armcap\fR, \fBOPENSSL_s390xcap\fR, \fBOPENSSL_riscvcap\fR" 4
+.IX Item "OPENSSL_ia32cap, OPENSSL_sparcv9cap, OPENSSL_ppccap, OPENSSL_armcap, OPENSSL_s390xcap, OPENSSL_riscvcap"
+OpenSSL supports a number of different algorithm implementations for
+various machines and, by default, it determines which to use based on the
+processor capabilities and run time feature enquiry. These environment
+variables can be used to exert more control over this selection process.
+See \fBOPENSSL_ia32cap\fR\|(3), \fBOPENSSL_ppccap\fR\|(3), \fBOPENSSL_riscvcap\fR\|(3),
+and \fBOPENSSL_s390xcap\fR\|(3).
+.IP "\fBNO_PROXY\fR, \fBHTTPS_PROXY\fR, \fBHTTP_PROXY\fR" 4
+.IX Item "NO_PROXY, HTTPS_PROXY, HTTP_PROXY"
+Specify a proxy hostname.
+See \fBOSSL_HTTP_parse_url\fR\|(3).
+.IP \fBQLOGDIR\fR 4
+.IX Item "QLOGDIR"
+Specifies a QUIC qlog output directory. See \fBopenssl\-qlog\fR\|(7).
+.IP \fBOSSL_QFILTER\fR 4
+.IX Item "OSSL_QFILTER"
+Used to set a QUIC qlog filter specification. See \fBopenssl\-qlog\fR\|(7).
+.IP \fBSSLKEYLOGFILE\fR 4
+.IX Item "SSLKEYLOGFILE"
+Used to produce the standard format output file for SSL key logging. Optionally
+set this variable to a filename to log all secrets produced by SSL connections.
+Note, use of the environment variable is predicated on configuring OpenSSL at
+build time with the enable\-sslkeylog feature. The file format standard can be
+found at <https://datatracker.ietf.org/doc/draft\-ietf\-tls\-keylogfile/>.
+Note: the use of \fBSSLKEYLOGFILE\fR poses an explicit security risk. By recording
+the exchanged keys during an SSL session, it allows any available party with
+read access to the file to decrypt application traffic sent over that session.
+Use of this feature should be restricted to test and debug environments only.
+.SH COPYRIGHT
+.IX Header "COPYRIGHT"
+Copyright 2019\-2026 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+<https://www.openssl.org/source/license.html>.
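Review bot: In the OPENSSL_TRACE entry, the `.IP \fBOPENSSL_RUNNING_UNIT_TESTS\fR 4` item sits between the sentence "with the following available:" and the `.RS 4` list of trace names (TRACE, INIT, TLS, ...), so the OPENSSL_TRACE text ends on a dangling colon and the trace names render nested under OPENSSL_RUNNING_UNIT_TESTS instead. The header says this file is generated by Pod::Man, so the fix belongs in the POD source: move the OPENSSL_RUNNING_UNIT_TESTS item to after the `.RE` that closes the trace-name list, and drop the empty `.RS 4` / `.RE` pair that follows that list. Two smaller text defects in the same hunk are worth fixing at the source as well: the OPENSSL entry never closes its parenthesis or sentence after `\fBCA.pl\fR\|(1)`, and the ENGINE_REF_COUNT description "with a line of generated for each change" has lost a word.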