authorMike DePaulo <mikedep333@gmail.com>2015-07-07 08:57:00 -0400
committerMike DePaulo <mikedep333@gmail.com>2015-07-07 08:57:00 -0400
commitddb34d947fe45fcc4d2a8da284e7fa0c001bb7d3 (patch)
treeca8fc6529b2ff894f5264dbce5b53d3e595ee1c9 /openssl/doc/apps/config.pod
parentbbc50e3219a2e7801f4e636fe90df08fe3a28323 (diff)
Update openssl: 1.0.1m -> 1.0.1o
Diffstat (limited to 'openssl/doc/apps/config.pod')
-rw-r--r--openssl/doc/apps/config.pod53
1 files changed, 53 insertions, 0 deletions
diff --git a/openssl/doc/apps/config.pod b/openssl/doc/apps/config.pod
index d5cce54f4..e12591528 100644
--- a/openssl/doc/apps/config.pod
+++ b/openssl/doc/apps/config.pod
@@ -277,6 +277,59 @@ priority and B</tmp> used if neither is defined:
# The above value is used if TEMP isn't in the environment
tmpfile=${ENV::TEMP}/tmp.filename
+Simple OpenSSL library configuration example to enter FIPS mode:
+
+ # Default appname: should match "appname" parameter (if any)
+ # supplied to CONF_modules_load_file et al.
+ openssl_conf = openssl_conf_section
+
+ [openssl_conf_section]
+ # Configuration module list
+ alg_section = evp_sect
+
+ [evp_sect]
+ # Set to "yes" to enter FIPS mode if supported
+ fips_mode = yes
+
+Note: in the above example you will get an error in non FIPS capable versions
+of OpenSSL.
+
+More complex OpenSSL library configuration. Add OID and don't enter FIPS mode:
+
+ # Default appname: should match "appname" parameter (if any)
+ # supplied to CONF_modules_load_file et al.
+ openssl_conf = openssl_conf_section
+
+ [openssl_conf_section]
+ # Configuration module list
+ alg_section = evp_sect
+ oid_section = new_oids
+
+ [evp_sect]
+ # This will have no effect as FIPS mode is off by default.
+ # Set to "yes" to enter FIPS mode, if supported
+ fips_mode = no
+
+ [new_oids]
+ # New OID, just short name
+ newoid1 = 1.2.3.4.1
+ # New OID shortname and long name
+ newoid2 = New OID 2 long name, 1.2.3.4.2
+
+The above examples can be used with with any application supporting library
+configuration if "openssl_conf" is modified to match the appropriate "appname".
+
+For example if the second sample file above is saved to "example.cnf" then
+the command line:
+
+ OPENSSL_CONF=example.cnf openssl asn1parse -genstr OID:1.2.3.4.1
+
+will output:
+
+ 0:d=0 hl=2 l= 4 prim: OBJECT :newoid1
+
+showing that the OID "newoid1" has been added as "1.2.3.4.1".
+
=head1 BUGS
Currently there is no way to include characters using the octal B<\nnn>