In Chapter 3, we learned how to create a CA by first creating a configuration file to hold our parameters. The command-line tool then behaved as that file directed: it obeyed our choices of algorithms, supplied default values for fields in the subject name, and so on. The public API has a suite of functions for processing configuration files and accessing their values. The files themselves simply organize keys and map them to values. In general, the keys are strings, and the values can be either integers or strings, although all values are stored internally as strings.
The goal of the configuration file interface is to make the format of the file opaque to the code that processes it. This is done through objects. When such objects are created, a structure is specified that aggregates the routines to perform the low-level file parsing operations. OpenSSL most commonly uses the function to get the object. This method reads files of the format we described in Chapter 2. Because of the flexibility afforded by specifying the underlying interface may be extended in future versions of OpenSSL to include support for reading configuration files of new formats, such as XML.
There are only a few functions to this simple interface, and we'll explore them by looking at an example. Example 10-2 presents a small sample configuration file.
Example 10-2. A sample configuration file (testconf.cnf)
# The ...