CONFIG(5)                   OpenSSL                   CONFIG(5)





NAME
       config - OpenSSL CONF library configuration files

DESCRIPTION
       The OpenSSL CONF library can be used to read
       configuration files.  It is used for the OpenSSL master
       configuration file openssl.cnf and in a few other places
       like SPKAC files and certificate extension files for the
       x509 utility.

       A configuration file is divided into a number of
       sections. Each section starts with a line [ section_name ]
       and ends when a new section is started or end of file is
       reached. A section name can consist of alphanumeric
       characters and underscores.

       The first section of a configuration file is special and
       is referred to as the default section. It is usually
       unnamed and runs from the start of the file until the
       first named section. When a name is being looked up it is
       first looked up in a named section (if any) and then in
       the default section.

       The environment is mapped onto a section called ENV.

       Comments can be included by preceding them with the #
       character.

       Each section in a configuration file consists of a
       number of name and value pairs of the form name=value.

       The name string can contain any alphanumeric characters
       as well as a few punctuation symbols such as . , ; and
       _.

       The value string consists of the string following the =
       character until end of line with any leading and
       trailing white space removed.

       The value string undergoes variable expansion. This can
       be done by including the form $var or ${var}: this will
       substitute the value of the named variable in the
       current section. It is also possible to substitute a
       value from another section using the syntax
       $section::name or ${section::name}. By using the form
       $ENV::name environment variables can be substituted. It
       is also possible to assign values to environment
       variables by using the name ENV::name; this will work if
       the program looks up environment variables using the
       CONF library instead of calling getenv() directly.

       It is possible to escape certain characters by using any
       kind of quote or the \ character. By making the last
       character of a line a \ a value string can be spread
       across multiple lines. In addition the sequences \n, \r,
       \b and \t are recognized.

NOTES
       If a configuration file attempts to expand a variable
       that doesn't exist then an error is flagged and the file
       will not load. This can happen if an attempt is made to
       expand an environment variable that doesn't exist. For
       example, the default OpenSSL master configuration file
       used the value of HOME which may not be defined on
       non-Unix systems.

       This can be worked around by including a default section
       to provide a default value: then if the environment
       lookup fails the default value will be used instead. For
       this to work properly the default value must be defined
       earlier in the configuration file than the expansion.
       See the EXAMPLES section for an example of how to do
       this.

       If the same variable occurs more than once in the same
       section then all but the last value will be silently
       ignored. In certain circumstances, such as with DNs, the
       same field may occur multiple times. This is usually
       worked around by ignoring any characters before an
       initial ., e.g.

        1.OU="My first OU"
        2.OU="My Second OU"

EXAMPLES
       Here is a sample configuration file using some of the
       features mentioned above.

        # This is the default section.

        HOME=/temp
        RANDFILE= ${ENV::HOME}/.rnd
        configdir=$ENV::HOME/config

        [ section_one ]

        # We are now in section one.

        # Quotes permit leading and trailing whitespace
        any = " any variable name "

        other = A string that can \
        cover several lines \
        by including \\ characters

        message = Hello World\n

        [ section_two ]

        greeting = $section_one::message

       This next example shows how to expand environment
       variables safely.

       Suppose you want a variable called tmpfile to refer to a
       temporary filename. The directory it is placed in can be
       determined by the TEMP or TMP environment variables but
       they may not be set to any value at all. If you just
       include the environment variable names and the variable
       doesn't exist then this will cause an error when an
       attempt is made to load the configuration file. By
       making use of the default section both values can be
       looked up with TEMP taking priority and /tmp used if
       neither is defined:

        TMP=/tmp
        # The above value is used if TMP isn't in the environment
        TEMP=$ENV::TMP
        # The above value is used if TEMP isn't in the environment
        tmpfile=${ENV::TEMP}/tmp.filename
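
       The lookup order behind this fallback can be checked with
       a small Python model (an added example, not OpenSSL's
       parser and not part of the original page; load_conf,
       tmpfile_for and ConfError are hypothetical names, and
       quoting, escapes and line continuation are not modelled):

```python
import re

# Simplified model of the rules this page describes; NOT OpenSSL's parser.
# Quoting, backslash escapes and line continuation are not modelled.
VAR = re.compile(r"\$(\{)?(?:(\w+)::)?(\w+)(?(1)\})")

class ConfError(Exception):
    """Raised where the real loader would refuse to load the file."""

def load_conf(text, environ):
    conf = {"default": {}}
    current = "default"

    def lookup(section, name):
        # ENV::name consults the environment first ...
        if section == "ENV" and name in environ:
            return environ[name]
        # ... then the named section, then the default section.
        for sec in (section, "default"):
            if name in conf.get(sec, {}):
                return conf[sec][name]
        raise ConfError(f"variable has no value: {section}::{name}")

    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            current = header.group(1)
            conf.setdefault(current, {})
            continue
        name, sep, value = line.partition("=")
        if not sep:
            raise ConfError(f"line {lineno}: expected name=value")
        # Single pass: only values assigned on earlier lines are visible.
        conf[current][name.strip()] = VAR.sub(
            lambda m: lookup(m.group(2) or current, m.group(3)), value.strip())
    return conf

# Constructed input: the TMP/TEMP fallback chain from the example above.
SAFE = "TMP=/tmp\nTEMP=$ENV::TMP\ntmpfile=${ENV::TEMP}/tmp.filename\n"

def tmpfile_for(environ):
    return load_conf(SAFE, environ)["default"]["tmpfile"]

if __name__ == "__main__":
    for env in ({}, {"TMP": "/var/tmp"}, {"TEMP": "/scratch", "TMP": "/var/tmp"}):
        print(env, "->", tmpfile_for(env))
```

       An environment value always wins over the file's default,
       so a path built from ENV:: is set by whoever controls the
       process environment.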

BUGS
       Currently there is no way to include characters using
       the octal \nnn form. Strings are all null terminated so
       nulls cannot form part of the value.

       The escaping isn't quite right: if you want to use
       sequences like \n you can't use any quote escaping on
       the same line.

       Files are loaded in a single pass. This means that a
       variable expansion will only work if the variables
       referenced are defined earlier in the file.

SEE ALSO
       x509(1), req(1), ca(1)



0.9.7c                     2000-02-03                 CONFIG(5)
