Network Security with OpenSSL by Pravir Chandra, Matt Messier, John Viega

Configuration Files

In Chapter 3, we learned how to create a CA by first creating a configuration file to hold our parameters. The command-line tool read this file and behaved as we had configured it, for example by obeying our choices of algorithms and providing default values for fields in the subject name. The public API has a suite of functions for processing configuration files and accessing their values. The files themselves simply organize and map keys to values. In general, the keys are strings, and the values can be either integers or strings, although all values are stored internally as strings.

The goal of the configuration file interface is to make the format of the file opaque to the code that processes it. This is done through NCONF objects. When such objects are created, a CONF_METHOD structure is specified that aggregates the routines to perform the low-level file parsing operations. OpenSSL most commonly uses the function NCONF_default to get the CONF_METHOD object. This method reads files of the format we described in Chapter 2. Because of the flexibility afforded by specifying the underlying CONF_METHOD, the NCONF interface may be extended in future versions of OpenSSL to include support for reading configuration files of new formats, such as XML.

There are only a few functions in this simple interface, and we'll explore them by looking at an example. Example 10-2 presents a small sample configuration file.

Example 10-2. A sample configuration file (testconf.cnf)

# The ...