| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202 |
- =pod
- =head1 NAME
- openssl-env - OpenSSL environment variables
- =head1 DESCRIPTION
- The OpenSSL libraries use environment variables to override the
- compiled-in default paths for various data.
- To avoid security risks, the environment is usually not consulted when
- the executable is set-user-ID or set-group-ID.
- =over 4
- =item B<CTLOG_FILE>
- Specifies the path to a certificate transparency log list.
- See L<CTLOG_STORE_new(3)>.
- =item B<OPENSSL>
- Specifies the path to the B<openssl> executable. Used by
- the B<rehash> script (see L<openssl-rehash(1)/Script Configuration>)
- and by the B<CA.pl> script (see L<CA.pl(1)/NOTES>
- =item B<OPENSSL_CONF>, B<OPENSSL_CONF_INCLUDE>
- Specifies the path to a configuration file and the directory for
- included files.
- See L<config(5)>.
- =item B<OPENSSL_CONFIG>
- Specifies a configuration option and filename for the B<req> and B<ca>
- commands invoked by the B<CA.pl> script.
- See L<CA.pl(1)>.
- =item B<OPENSSL_ENGINES>
- Specifies the directory from which dynamic engines are loaded.
- See L<openssl-engine(1)>.
- =item B<OPENSSL_MALLOC_FD>, B<OPENSSL_MALLOC_FAILURES>
- If built with debugging, this allows memory allocation to fail.
- See L<OPENSSL_malloc(3)>.
- =item B<OPENSSL_MODULES>
- Specifies the directory from which cryptographic providers are loaded.
- Equivalently, the generic B<-provider-path> command-line option may be used.
- =item B<OPENSSL_TRACE>
- By default the OpenSSL trace feature is disabled statically.
- To enable it, OpenSSL must be built with tracing support,
- which may be configured like this: C<./config enable-trace>
- Unless OpenSSL tracing support is generally disabled,
- enable trace output of specific parts of OpenSSL libraries, by name.
- This output usually makes sense only if you know OpenSSL internals well.
- The value of this environment varialble is a comma-separated list of names,
- with the following available:
- =over 4
- =item B<TRACE>
- Traces the OpenSSL trace API itself.
- =item B<INIT>
- Traces OpenSSL library initialization and cleanup.
- =item B<TLS>
- Traces the TLS/SSL protocol.
- =item B<TLS_CIPHER>
- Traces the ciphers used by the TLS/SSL protocol.
- =item B<CONF>
- Show details about provider and engine configuration.
- =item B<ENGINE_TABLE>
- The function that is used by RSA, DSA (etc) code to select registered
- ENGINEs, cache defaults and functional references (etc), will generate
- debugging summaries.
- =item B<ENGINE_REF_COUNT>
- Reference counts in the ENGINE structure will be monitored with a line
- of generated for each change.
- =item B<PKCS5V2>
- Traces PKCS#5 v2 key generation.
- =item B<PKCS12_KEYGEN>
- Traces PKCS#12 key generation.
- =item B<PKCS12_DECRYPT>
- Traces PKCS#12 decryption.
- =item B<X509V3_POLICY>
- Generates the complete policy tree at various points during X.509 v3
- policy evaluation.
- =item B<BN_CTX>
- Traces BIGNUM context operations.
- =item B<CMP>
- Traces CMP client and server activity.
- =item B<STORE>
- Traces STORE operations.
- =item B<DECODER>
- Traces decoder operations.
- =item B<ENCODER>
- Traces encoder operations.
- =item B<REF_COUNT>
- Traces decrementing certain ASN.1 structure references.
- =item B<HTTP>
- Traces the HTTP client and server, such as messages being sent and received.
- =back
- =item B<OPENSSL_WIN32_UTF8>
- If set, then L<UI_OpenSSL(3)> returns UTF-8 encoded strings, rather than
- ones encoded in the current code page, and
- the L<openssl(1)> program also transcodes the command-line parameters
- from the current code page to UTF-8.
- This environment variable is only checked on Microsoft Windows platforms.
- =item B<RANDFILE>
- The state file for the random number generator.
- This should not be needed in normal use.
- See L<RAND_load_file(3)>.
- =item B<SSL_CERT_DIR>, B<SSL_CERT_FILE>
- Specify the default directory or file containing CA certificates.
- See L<SSL_CTX_load_verify_locations(3)>.
- =item B<TSGET>
- Additional arguments for the L<tsget(1)> command.
- =item B<OPENSSL_ia32cap>, B<OPENSSL_sparcv9cap>, B<OPENSSL_ppccap>, B<OPENSSL_armcap>, B<OPENSSL_s390xcap>, B<OPENSSL_riscvcap>
- OpenSSL supports a number of different algorithm implementations for
- various machines and, by default, it determines which to use based on the
- processor capabilities and run time feature enquiry. These environment
- variables can be used to exert more control over this selection process.
- See L<OPENSSL_ia32cap(3)>, L<OPENSSL_s390xcap(3)>.
- =item B<NO_PROXY>, B<HTTPS_PROXY>, B<HTTP_PROXY>
- Specify a proxy hostname.
- See L<OSSL_HTTP_parse_url(3)>.
- =item B<QLOGDIR>
- Specifies a QUIC qlog output directory. See L<openssl-qlog(7)>.
- =item B<OSSL_QFILTER>
- Used to set a QUIC qlog filter specification. See L<openssl-qlog(7)>.
- =back
- =head1 COPYRIGHT
- Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
- Licensed under the Apache License 2.0 (the "License"). You may not use
- this file except in compliance with the License. You can obtain a copy
- in the file LICENSE in the source distribution or at
- L<https://www.openssl.org/source/license.html>.
- =cut
|
