From abdd677125f3a9e3082f8c5692203590fdb9b860 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Sun, 25 Jan 2015 21:07:20 -0500 Subject: [PATCH] Make OPENSSL_config truly ignore errors. Per discussion: should not exit. Should not print to stderr. Errors are ignored. Updated doc to reflect that, and the fact that this function is to be avoided. Reviewed-by: Matt Caswell Reviewed-by: Tim Hudson Reviewed-by: Viktor Dukhovni --- crypto/conf/conf_sap.c | 18 ++---------------- doc/crypto/OPENSSL_config.pod | 10 ++++------ 2 files changed, 6 insertions(+), 22 deletions(-) diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index a3e78961e3..544fe97387 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -86,24 +86,10 @@ void OPENSSL_config(const char *config_name) /* Need to load ENGINEs */ ENGINE_load_builtin_engines(); #endif - /* Add others here? */ - ERR_clear_error(); - if (CONF_modules_load_file(NULL, config_name, + CONF_modules_load_file(NULL, config_name, CONF_MFLAGS_DEFAULT_SECTION | - CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { - BIO *bio_err; - ERR_load_crypto_strings(); - if ((bio_err = BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL) { - BIO_printf(bio_err, "Auto configuration failed\n"); - ERR_print_errors(bio_err); - BIO_free(bio_err); - } - fprintf(stderr, "OpenSSL could not auto-configure.\n"); - exit(1); - } - - return; + CONF_MFLAGS_IGNORE_MISSING_FILE); } void OPENSSL_no_config() diff --git a/doc/crypto/OPENSSL_config.pod b/doc/crypto/OPENSSL_config.pod index fefe293605..91d61f3f51 100644 --- a/doc/crypto/OPENSSL_config.pod +++ b/doc/crypto/OPENSSL_config.pod 
@@ -17,8 +17,7 @@ OPENSSL_config() configures OpenSSL using the standard B configuration file name using B. If B is NULL then the file specified in the environment variable B will be used, and if that is not set then a system default location is used. -In case of error, a message is printed to B and the routine -exit's. +Errors are silently ignored. Multiple calls have no effect. OPENSSL_no_config() disables configuration. If called before OPENSSL_config() @@ -37,10 +36,9 @@ The OPENSSL_config() function is designed to be a very simple "call it and forget it" function. It is however B better than nothing. Applications which need finer control over their configuration functionality should use the configuration -functions such as CONF_modules_load() directly. - -It is B recommended that B new applications call -CONF_modules_load() during +functions such as CONF_modules_load() directly. This function is deprecated +and its use should be avoided. +Applications should instead call CONF_modules_load() during initialization (that is before starting any threads). There are several reasons why calling the OpenSSL configuration routines is -- GitLab
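Review bot: in the crypto/conf/conf_sap.c hunk, the return value of CONF_modules_load_file() is now discarded and the ERR_clear_error() call is dropped, so a failed load leaves its entries on the error queue with nothing to consume them. The removed branch printed those entries with ERR_print_errors(), which shows they are there on failure. A later, unrelated error check in the application can then report a configuration error as its own. If errors are meant to be truly ignored, keep the `<= 0` test and call ERR_clear_error() in that branch. A short comment saying the result is ignored on purpose would also help, since the function returns void and callers cannot tell that the configuration was not applied.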
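Review bot: in the first doc/crypto/OPENSSL_config.pod hunk (@@ -17,8 +17,7 @@), "Errors are silently ignored." is missing the consequence for the caller: OPENSSL_config() returns void, so an application cannot tell whether the configuration file was rejected and is left running without it. Suggest adding a sentence here that applications which need to know whether configuration was applied should call CONF_modules_load_file() themselves and check its return value, as the code in conf_sap.c previously did with `<= 0`.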
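Review bot: in the second doc/crypto/OPENSSL_config.pod hunk (@@ -37,10 +36,9 @@), "This function is deprecated and its use should be avoided." now directly follows a sentence ending in "CONF_modules_load() directly", so "This function" reads as referring to CONF_modules_load(), the opposite of what is meant. Name the function, as in "OPENSSL_config() is deprecated and its use should be avoided.", and keep the blank line the hunk removes so that the recommendation to call CONF_modules_load() during initialization stays a separate paragraph. The documentation also recommends CONF_modules_load() while the code in this same patch calls CONF_modules_load_file(); it would be worth saying which of the two applications are expected to use.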