system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-10-07 00:50:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
freebsd-src/crypto/openssl/doc/man3/OPENSSL_config.pod
Pierre Pronchery b077aed33b Merge OpenSSL 3.0.9 
Migrate to OpenSSL 3.0 in advance of FreeBSD 14.0.  OpenSSL 1.1.1 (the
version we were previously using) will be EOL as of 2023-09-11.

Most of the base system has already been updated for a seamless switch
to OpenSSL 3.0.  For many components we've added
`-DOPENSSL_API_COMPAT=0x10100000L` to CFLAGS to specify the API version,
which avoids deprecation warnings from OpenSSL 3.0.  Changes have also
been made to avoid OpenSSL APIs that were already deprecated in OpenSSL
1.1.1.  The process of updating to contemporary APIs can continue after
this merge.

Additional changes are still required for libarchive and Kerberos-
related libraries or tools; workarounds will immediately follow this
commit.  Fixes are in progress in the upstream projects and will be
incorporated when those are next updated.

There are some performance regressions in benchmarks (certain tests in
`openssl speed`) and in some OpenSSL consumers in ports (e.g.  haproxy).
Investigation will continue for these.

Netflix's testing showed no functional regression and a rather small,
albeit statistically significant, increase in CPU consumption with
OpenSSL 3.0.

Thanks to ngie@ and des@ for updating base system components, to
antoine@ and bofh@ for ports exp-runs and port fixes/workarounds, and to
Netflix and everyone who tested prior to commit or contributed to this
update in other ways.

PR:		271615
PR:		271656 [exp-run]
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
2023-06-23 18:53:36 -04:00

88 lines
2.7 KiB
Plaintext
Raw Blame History

=pod
=head1 NAME
OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions
=head1 SYNOPSIS
#include <openssl/conf.h>
The following functions have been deprecated since OpenSSL 1.1.0, and can be
hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value,
see L<openssl_user_macros(7)>:
void OPENSSL_config(const char *appname);
void OPENSSL_no_config(void);
=head1 DESCRIPTION
OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf> and
reads from the application section B<appname>. If B<appname> is NULL then
the default section, B<openssl_conf>, will be used.
Errors are silently ignored.
Multiple calls have no effect.
OPENSSL_no_config() disables configuration. If called before OPENSSL_config()
no configuration takes place.
If the application is built with B<OPENSSL_LOAD_CONF> defined, then a
call to OpenSSL_add_all_algorithms() will implicitly call OPENSSL_config()
first.
=head1 NOTES
The OPENSSL_config() function is designed to be a very simple "call it and
forget it" function.
It is however B<much> better than nothing. Applications which need finer
control over their configuration functionality should use the configuration
functions such as CONF_modules_load() directly. This function is deprecated
and its use should be avoided.
Applications should instead call CONF_modules_load() during
initialization (that is before starting any threads).
There are several reasons why calling the OpenSSL configuration routines is
advisable. For example, to load dynamic ENGINEs from shared libraries (DSOs).
However, very few applications currently support the control interface and so
very few can load and use dynamic ENGINEs. Equally in future more sophisticated
ENGINEs will require certain control operations to customize them. If an
application calls OPENSSL_config() it doesn't need to know or care about
ENGINE control operations because they can be performed by editing a
configuration file.
=head1 ENVIRONMENT
=over 4
=item B<OPENSSL_CONF>
The path to the config file.
Ignored in set-user-ID and set-group-ID programs.
=back
=head1 RETURN VALUES
Neither OPENSSL_config() nor OPENSSL_no_config() return a value.
=head1 SEE ALSO
L<config(5)>,
L<CONF_modules_load_file(3)>
=head1 HISTORY
The OPENSSL_no_config() and OPENSSL_config() functions were
deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto().
=head1 COPYRIGHT
Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
Reference in a new issue View git blame Copy permalink