diff options
author | Mike DePaulo <mikedep333@gmail.com> | 2015-07-07 08:57:00 -0400 |
---|---|---|
committer | Mike DePaulo <mikedep333@gmail.com> | 2015-07-07 08:57:00 -0400 |
commit | ddb34d947fe45fcc4d2a8da284e7fa0c001bb7d3 (patch) | |
tree | ca8fc6529b2ff894f5264dbce5b53d3e595ee1c9 /openssl/doc/apps/config.pod | |
parent | bbc50e3219a2e7801f4e636fe90df08fe3a28323 (diff) | |
download | vcxsrv-ddb34d947fe45fcc4d2a8da284e7fa0c001bb7d3.tar.gz vcxsrv-ddb34d947fe45fcc4d2a8da284e7fa0c001bb7d3.tar.bz2 vcxsrv-ddb34d947fe45fcc4d2a8da284e7fa0c001bb7d3.zip |
Update openssl: 1.0.1m -> 1.0.1o
Diffstat (limited to 'openssl/doc/apps/config.pod')
-rw-r--r-- | openssl/doc/apps/config.pod | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/openssl/doc/apps/config.pod b/openssl/doc/apps/config.pod index d5cce54f4..e12591528 100644 --- a/openssl/doc/apps/config.pod +++ b/openssl/doc/apps/config.pod @@ -277,6 +277,59 @@ priority and B</tmp> used if neither is defined: # The above value is used if TEMP isn't in the environment tmpfile=${ENV::TEMP}/tmp.filename +Simple OpenSSL library configuration example to enter FIPS mode: + + # Default appname: should match "appname" parameter (if any) + # supplied to CONF_modules_load_file et al. + openssl_conf = openssl_conf_section + + [openssl_conf_section] + # Configuration module list + alg_section = evp_sect + + [evp_sect] + # Set to "yes" to enter FIPS mode if supported + fips_mode = yes + +Note: in the above example you will get an error in non FIPS capable versions +of OpenSSL. + +More complex OpenSSL library configuration. Add OID and don't enter FIPS mode: + + # Default appname: should match "appname" parameter (if any) + # supplied to CONF_modules_load_file et al. + openssl_conf = openssl_conf_section + + [openssl_conf_section] + # Configuration module list + alg_section = evp_sect + oid_section = new_oids + + [evp_sect] + # This will have no effect as FIPS mode is off by default. + # Set to "yes" to enter FIPS mode, if supported + fips_mode = no + + [new_oids] + # New OID, just short name + newoid1 = 1.2.3.4.1 + # New OID shortname and long name + newoid2 = New OID 2 long name, 1.2.3.4.2 + +The above examples can be used with with any application supporting library +configuration if "openssl_conf" is modified to match the appropriate "appname". + +For example if the second sample file above is saved to "example.cnf" then +the command line: + + OPENSSL_CONF=example.cnf openssl asn1parse -genstr OID:1.2.3.4.1 + +will output: + + 0:d=0 hl=2 l= 4 prim: OBJECT :newoid1 + +showing that the OID "newoid1" has been added as "1.2.3.4.1". + =head1 BUGS Currently there is no way to include characters using the octal B<\nnn> |