Hello, "Dr. Stephen Henson" <st...@openssl.org> wrote: |On Fri, Feb 13, 2015, Viktor Dukhovni wrote: |> On Fri, Feb 13, 2015 at 11:59:13AM +0000, Salz, Rich wrote: |>>> Some time ago, I had submitted a patch which allows administrators, but |>>> most importantly OS distributors to set their own strings \ |>>> in the configuration
|>> And my intent is to pull this into master pretty soon. |> We may not need a patch for this, I thought we were about to deprecate |> OpenSSL_config() with its void return status and encourage folks |Just clarification. The initialisation we're recommending I normally refer |to as "config modules". NCONF is a more general API for configuration files. I think an interesting question would be wether that configuration API will eventually obsolete the direct function interface? |Config modules were intended to be used for application setup so would |be a good place to add a system cipher string instead of a \ |whole new mechanism. |The only problem is that it would only work with application that supported |config modules. So break API compatibility and extend the mandatory SSL_library_init() to incorporate the functionality of CONF_modules_load_file(), introducing a SSL_library_free() counterpart? Or don't break compatibility and let SSL_library_init() internally do OPENSSL_config() unless OPENSSL_INIT_DONT_LOAD_CONF is defined? Or ditto but introduce a new SSL_library_init_with_conf() with an SSL_library_free_with_conf(), too. It will be very interesting to see how you will overcome that deadlocked situation. Have a nice weekend. --steffen _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
