Make OPENSSL_config truly ignore errors.

Per discussion: should not exit. Should not print to stderr. Errors are ignored. Updated doc to reflect that, and the fact that this function is to be avoided. Reviewed-by: N Matt Caswell <matt@openssl.org> Reviewed-by: N Tim Hudson <tjh@openssl.org> Reviewed-by: N Viktor Dukhovni <viktor@openssl.org>

Make OPENSSL_config truly ignore errors.
Per discussion: should not exit. Should not print to stderr. Errors are ignored. Updated doc to reflect that, and the fact that this function is to be avoided. Reviewed-by: N Matt Caswell <matt@openssl.org> Reviewed-by: N Tim Hudson <tjh@openssl.org> Reviewed-by: N Viktor Dukhovni <viktor@openssl.org>
abdd6771 · Rich Salz · 8de24b79 · abdd6771 · abdd6771
隐藏空白更改
内联并排

Showing with 6 addition and 22 deletion

crypto/conf/conf_sap.c crypto/conf/conf_sap.c +2 -16

doc/crypto/OPENSSL_config.pod doc/crypto/OPENSSL_config.pod +4 -6

未找到文件。
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@@ -86,24 +86,10 @@ void OPENSSL_config(const char *config_name)
    /* Need to load ENGINEs */
    ENGINE_load_builtin_engines();
 #endif
-    /* Add others here? */
    ERR_clear_error();
-    if (CONF_modules_load_file(NULL, config_name,
+    CONF_modules_load_file(NULL, config_name,
                               CONF_MFLAGS_DEFAULT_SECTION |
-                               CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
+                               CONF_MFLAGS_IGNORE_MISSING_FILE);
-        BIO *bio_err;
-        ERR_load_crypto_strings();
-        if ((bio_err = BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL) {
-            BIO_printf(bio_err, "Auto configuration failed\n");
-            ERR_print_errors(bio_err);
-            BIO_free(bio_err);
-        }
-        fprintf(stderr, "OpenSSL could not auto-configure.\n");
-        exit(1);
-    }
-    return;
 }
 void OPENSSL_no_config()

--- a/doc/crypto/OPENSSL_config.pod
+++ b/doc/crypto/OPENSSL_config.pod
@@ -17,8 +17,7 @@ OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf>
 configuration file name using B<config_name>. If B<config_name> is NULL then
 the file specified in the environment variable B<OPENSSL_CONF> will be used,
 and if that is not set then a system default location is used.
-In case of error, a message is printed to B<stderr> and the routine
+Errors are silently ignored.
-exit's.
 Multiple calls have no effect.
 OPENSSL_no_config() disables configuration. If called before OPENSSL_config()
@@ -37,10 +36,9 @@ The OPENSSL_config() function is designed to be a very simple "call it and
 forget it" function.
 It is however B<much> better than nothing. Applications which need finer
 control over their configuration functionality should use the configuration
-functions such as CONF_modules_load() directly.
+functions such as CONF_modules_load() directly. This function is deprecated
+and its use should be avoided.
-It is B<strongly> recommended that B<all> new applications call
+Applications should instead call CONF_modules_load() during
-CONF_modules_load() during
 initialization (that is before starting any threads).
 There are several reasons why calling the OpenSSL configuration routines is