On Wed, Dec 17, 2008, Victor Duchovni wrote: > > Note that OPENSSL_config() has no return code. If a configuration > error occurs it will write to STDERR and forcibly exit the > application. Applications that want finer control can call the > underlying functions such as CONF_modules_load_file() directly. > > - OPENSSL(config(...) instead of OPENSSL_config(...) in the example > > - In the PDF view, the closing ")" of the OPENSSL_config(...) call > is not visible. It is only visible when one uses copy/paste to > yank the text. > > - The 0.9.8i man page for OPENSSL_config, does not document the exit on > on error behaviour. Rather it says: > > The OPENSSL_config() function is designed to be a very simple "call it > and forget it" function. As a result its behaviour is somewhat lim- > ited. It ignores all errors silently and it can only load from the > standard configuration file location for example. > > Was the documentation wrong all along, or does FIPS force a change in > the documented semantics of existing APIs? >
The documentation is incomplete. Some errors such as a missing configuration file are ignored. An error when running a configuration module will cause the application to exit. This can be caused by a malformed configuration file or an error which occurs when an API call is made. An example of that would be a failed FIPS_mode_set(). Thanks for the input I'll update the docs. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
