| |
| =pod |
| |
| =head1 NAME |
| |
| config - OpenSSL CONF library configuration files |
| |
| =head1 DESCRIPTION |
| |
| The OpenSSL CONF library can be used to read configuration files. |
| It is used for the OpenSSL master configuration file B<openssl.cnf> |
| and in a few other places like B<SPKAC> files and certificate extension |
| files for the B<x509> utility. |
| |
| A configuration file is divided into a number of sections. Each section |
| starts with a line B<[ section_name ]> and ends when a new section is |
| started or end of file is reached. A section name can consist of |
| alphanumeric characters and underscores. |
| |
| The first section of a configuration file is special and is referred |
| to as the B<default> section this is usually unnamed and is from the |
| start of file until the first named section. When a name is being looked up |
| it is first looked up in a named section (if any) and then the |
| default section. |
| |
| The environment is mapped onto a section called B<ENV>. |
| |
| Comments can be included by preceding them with the B<#> character |
| |
| Each section in a configuration file consists of a number of name and |
| value pairs of the form B<name=value> |
| |
| The B<name> string can contain any alphanumeric characters as well as |
| a few punctuation symbols such as B<.> B<,> B<;> and B<_>. |
| |
| The B<value> string consists of the string following the B<=> character |
| until end of line with any leading and trailing white space removed. |
| |
| The value string undergoes variable expansion. This can be done by |
| including the form B<$var> or B<${var}>: this will substitute the value |
| of the named variable in the current section. It is also possible to |
| substitute a value from another section using the syntax B<$section::name> |
| or B<${section::name}>. By using the form B<$ENV::name> environment |
| variables can be substituted. It is also possible to assign values to |
| environment variables by using the name B<ENV::name>, this will work |
| if the program looks up environment variables using the B<CONF> library |
| instead of calling B<getenv()> directly. |
| |
| It is possible to escape certain characters by using any kind of quote |
| or the B<\> character. By making the last character of a line a B<\> |
| a B<value> string can be spread across multiple lines. In addition |
| the sequences B<\n>, B<\r>, B<\b> and B<\t> are recognized. |
| |
| =head1 NOTES |
| |
| If a configuration file attempts to expand a variable that doesn't exist |
| then an error is flagged and the file will not load. This can happen |
| if an attempt is made to expand an environment variable that doesn't |
| exist. For example the default OpenSSL master configuration file used |
| the value of B<HOME> which may not be defined on non Unix systems. |
| |
| This can be worked around by including a B<default> section to provide |
| a default value: then if the environment lookup fails the default value |
| will be used instead. For this to work properly the default value must |
| be defined earlier in the configuration file than the expansion. See |
| the B<EXAMPLES> section for an example of how to do this. |
| |
| If the same variable exists in the same section then all but the last |
| value will be silently ignored. In certain circumstances such as with |
| DNs the same field may occur multiple times. This is usually worked |
| around by ignoring any characters before an initial B<.> e.g. |
| |
| 1.OU="My first OU" |
| 2.OU="My Second OU" |
| |
| =head1 EXAMPLES |
| |
| Here is a sample configuration file using some of the features |
| mentioned above. |
| |
| # This is the default section. |
| |
| HOME=/temp |
| RANDFILE= ${ENV::HOME}/.rnd |
| configdir=$ENV::HOME/config |
| |
| [ section_one ] |
| |
| # We are now in section one. |
| |
| # Quotes permit leading and trailing whitespace |
| any = " any variable name " |
| |
| other = A string that can \ |
| cover several lines \ |
| by including \\ characters |
| |
| message = Hello World\n |
| |
| [ section_two ] |
| |
| greeting = $section_one::message |
| |
| This next example shows how to expand environment variables safely. |
| |
| Suppose you want a variable called B<tmpfile> to refer to a |
| temporary filename. The directory it is placed in can determined by |
| the the B<TEMP> or B<TMP> environment variables but they may not be |
| set to any value at all. If you just include the environment variable |
| names and the variable doesn't exist then this will cause an error when |
| an attempt is made to load the configuration file. By making use of the |
| default section both values can be looked up with B<TEMP> taking |
| priority and B</tmp> used if neither is defined: |
| |
| TMP=/tmp |
| # The above value is used if TMP isn't in the environment |
| TEMP=$ENV::TMP |
| # The above value is used if TEMP isn't in the environment |
| tmpfile=${ENV::TEMP}/tmp.filename |
| |
| =head1 BUGS |
| |
| Currently there is no way to include characters using the octal B<\nnn> |
| form. Strings are all null terminated so nulls cannot form part of |
| the value. |
| |
| The escaping isn't quite right: if you want to use sequences like B<\n> |
| you can't use any quote escaping on the same line. |
| |
| Files are loaded in a single pass. This means that an variable expansion |
| will only work if the variables referenced are defined earlier in the |
| file. |
| |
| =head1 SEE ALSO |
| |
| L<x509(1)|x509(1)>, L<req(1)|req(1)>, L<ca(1)|ca(1)> |
| |
| =cut |
