| 
        config - OpenSSL CONF library configuration files
        The OpenSSL CONF library can be used to read configuration
       files. It is used for  the  OpenSSL  master  configuration
       file  openssl.cnf  and  in  a  few other places like SPKAC
       files and certificate extension files for the  x509  utility.
       A configuration file is divided into a number of sections.
       Each section starts with a line  [section_name]  and  ends
       when a new section is started or end of file is reached. A
       section name can consist of  alphanumeric  characters  and
       underscores.
       The  first  section of a configuration file is special and
       is referred to as the default  section.  This  is  usually
       unnamed  and  is  from  the  start of file until the first
       named section. When a name is being looked up it is  first
       looked up in a named section (if any) and then the default
       section.
       The environment is mapped onto a section called ENV.
       Comments can be included by  preceding  them  with  the  #
       character
       Each  section in a configuration file consists of a number
       of name and value pairs of the form name=value
       The name string can contain any alphanumeric characters as
       well as a few punctuation symbols such as , ; and _.
       The  value  string  consists of the string following the =
       character until end of line with any leading and  trailing
       white space removed.
       The value string undergoes variable expansion. This can be
       done by including the form $var or ${var}: this will  substitute
  the  value  of  the named variable in the current
       section. It is also possible to substitute  a  value  from
       another  section using the syntax $section::name or ${section::name}.
 By  using  the  form  $ENV::name  environment
       variables  can  be  substituted.  It  is  also possible to
       assign values to environment variables by using  the  name
       ENV::name, this will work if the program looks up environment
 variables using the CONF library instead  of  calling
       getenv() directly.
       It  is  possible to escape certain characters by using any
       kind of quote or the \ character. By making the last character
  of  a  line a \ a value string can be spread across
       multiple lines. In addition the sequences \n, \r,  \b  and
       \t are recognized.
       If a configuration file attempts to expand a variable that
       doesn't exist then an error is flagged and the  file  will
       not  load. This can happen if an attempt is made to expand
       an environment variable that doesn't exist.  For  example,
       the  default  OpenSSL  master  configuration file used the
       value of HOME which may not be defined on  non  Unix  systems.
       This  can  be worked around by including a default section
       to provide a  default  value.  Then,  if  the  environment
       lookup  fails  the default value will be used instead. For
       this to work properly the default value  must  be  defined
       earlier in the configuration file than the expansion.  See
       the EXAMPLES section for an example of how to do this.
       If the same variable exists in the same section  then  all
       but  the  last  value will be silently ignored. In certain
       circumstances such as with DNs the same  field  may  occur
       multiple  times. This is usually worked around by ignoring
       any characters before an initial Two examples follow:
        1.OU="My first OU"
        2.OU="My Second OU"
       Currently there is no way to include characters using  the
       octal  \nnn form. Strings are all null terminated so nulls
       cannot form part of the value.
       The escaping  isn't  quite  right.  If  you  want  to  use
       sequences  such as \n you cannot use any quote escaping on
       the same line.
       Files are loaded in a single pass. This means that a variable
  expansion will only work if the variables referenced
       are defined earlier in the file.
       This sample configuration file uses some of  the  features
       mentioned:
        # This is the default section.
        HOME=/temp
        RANDFILE= ${ENV::HOME}/.rnd
        configdir=$ENV::HOME/config
        [ section_one ]
        # We are now in section one.
        # Quotes permit leading and trailing whitespace
        any = " any variable name "
        other = A string that can \
        cover several lines \
        by including \\ characters
        message = Hello World\n
        [ section_two ]
        greeting = $section_one::message
       The  following  example  shows  how  to expand environment
       variables safely.
       Suppose you want a variable called tmpfile to refer  to  a
       temporary  filename.  The  directory  it  is placed in can
       determined by the the TEMP or  TMP  environment  variables
       but  they  may  not  be  set  to  any value at all. If you
       include the environment variable names  and  the  variable
       does  not  exist  then  this  will  cause an error when an
       attempt is made to load the configuration file. By  making
       use  of  the  default section both values can be looked up
       with TEMP taking  priority and /tmp  used  if  neither  is
       defined:
        TMP=/tmp
        # The above value is used if TMP isn't in the environment
        TEMP=$ENV::TMP
        # The above value is used if TEMP isn't in  the  environment
        tmpfile=${ENV::TEMP}/tmp.filename
       Commands: x509(1), req(1), ca(1)
                                                        config(5)
[ Back ] |