SGI Techpubs Library

Linux  »  Man Pages
find in page



       The OpenSSL CONF library can be used to read configuration files.  It
       is used for the OpenSSL master configuration file openssl.cnf and in a
       few other places like SPKAC files and certificate extension files for
       the x509 utility.

       A configuration file is divided into a number of sections. Each section
       starts with a line [ section_name ] and ends when a new section is
       started or end of file is reached. A section name can consist of
       alphanumeric characters and underscores.

       The first section of a configuration file is special and is referred to
       as the default section this is usually unnamed and is from the start of
       file until the first named section. When a name is being looked up it
       is first looked up in a named section (if any) and then the default

       The environment is mapped onto a section called ENV.

       Comments can be included by preceding them with the # character

       Each section in a configuration file consists of a number of name and
       value pairs of the form name=value

       The name string can contain any alphanumeric characters as well as a
       few punctuation symbols such as . , ; and _.

       The value string consists of the string following the = character until
       end of line with any leading and trailing white space removed.

       The value string undergoes variable expansion. This can be done by
       including the form $var or ${var}: this will substitute the value of
       the named variable in the current section. It is also possible to sub-
       stitute a value from another section using the syntax $section::name or
       ${section::name}. By using the form $ENV::name environment variables
       can be substituted. It is also possible to assign values to environment
       variables by using the name ENV::name, this will work if the program
       looks up environment variables using the CONF library instead of call-
       ing getenv() directly.

       It is possible to escape certain characters by using any kind of quote
       or the \ character. By making the last character of a line a \ a value
       string can be spread across multiple lines. In addition the sequences
       \n, \r, \b and \t are recognized.


       If a configuration file attempts to expand a variable that doesn’t
       exist then an error is flagged and the file will not load. This can
       happen if an attempt is made to expand an environment variable that
       doesn’t exist. For example the default OpenSSL master configuration
       file used the value of HOME which may not be defined on non Unix sys-

       This can be worked around by including a default section to provide a
       default value: then if the environment lookup fails the default value
       will be used instead. For this to work properly the default value must


       Here is a sample configuration file using some of the features men-
       tioned above.

        # This is the default section.

        RANDFILE= ${ENV::HOME}/.rnd

        [ section_one ]

        # We are now in section one.

        # Quotes permit leading and trailing whitespace
        any = " any variable name "

        other = A string that can \
        cover several lines \
        by including \\ characters

        message = Hello World\n

        [ section_two ]

        greeting = $section_one::message

       This next example shows how to expand environment variables safely.

       Suppose you want a variable called tmpfile to refer to a temporary
       filename. The directory it is placed in can determined by the the TEMP
       or TMP environment variables but they may not be set to any value at
       all. If you just include the environment variable names and the vari-
       able doesn’t exist then this will cause an error when an attempt is
       made to load the configuration file. By making use of the default sec-
       tion both values can be looked up with TEMP taking priority and /tmp
       used if neither is defined:

        # The above value is used if TMP isn’t in the environment
        # The above value is used if TEMP isn’t in the environment


       Currently there is no way to include characters using the octal \nnn
       form. Strings are all null terminated so nulls cannot form part of the

       The escaping isn’t quite right: if you want to use sequences like \n
       you can’t use any quote escaping on the same line.

       Files are loaded in a single pass. This means that an variable expan-
       sion will only work if the variables referenced are defined earlier in
       the file.

Output converted with man2html

home/search | what's new | help