# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Free Software Foundation, Inc. # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "POT-Creation-Date: 2024-05-01 15:37+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. ======================================================================== #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "Title" msgstr "" #. ======================================================================== #. type: IX #: archlinux #, no-wrap msgid "CONFIG 5ssl" msgstr "" #. type: TH #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "CONFIG" msgstr "" #. type: TH #: archlinux #, no-wrap msgid "2024-04-28" msgstr "" #. type: TH #: archlinux #, no-wrap msgid "3.3.0" msgstr "" #. type: TH #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "OpenSSL" msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "NAME" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "config - OpenSSL CONF library configuration files" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "DESCRIPTION" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "Header" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "This page documents the syntax of OpenSSL configuration files, as parsed by " "B\\|(3) and related functions. This format is used by many of " "the OpenSSL commands, and to initialize the libraries when used by any " "application." msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "The first part describes the general syntax of the configuration files, and " "subsequent sections describe the semantics of individual modules. Other " "modules are described in B\\|(5) and \\&B\\|" "(5). The syntax for defining ASN.1 values is described in " "\\&B\\|(3)." msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "SYNTAX" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "A configuration file is a series of lines. Blank lines, and whitespace " "between the elements of a line, have no significance. A comment starts with " "a B<#> character; the rest of the line is ignored. If the B<#> is the first " "non-space character in a line, the entire line is ignored." msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "Directives" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "Subsection" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "Two directives can be used to control the parsing of configuration files: " "\\&B<.include> and B<.pragma>." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "For compatibility with older versions of OpenSSL, an equal sign after the " "directive will be ignored. Older versions will treat it as an assignment, " "so care should be taken if the difference in semantics is important." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "A file can include other files using the include syntax:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "\\& .include [=] pathname" msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "If B is a simple filename, that file is included directly at that " "point. Included files can have B<.include> statements that specify other " "files. If B is a directory, all files within that directory that " "have a CW<\\*(C`.cnf\\*(C'> or CW<\\*(C`.conf\\*(C'> extension will be " "included. (This is only available on systems with POSIX IO support.) Any " "sub-directories found inside the B are B. Similarly, if " "a file is opened while scanning a directory, and that file has an B<." "include> directive that specifies a directory, that is also ignored." msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "As a general rule, the B should be an absolute path; this can be " "enforced with the B and B pragmas, described below. " "The environment variable B, if it exists, is prepended " "to all relative pathnames. If the pathname is still relative, it is " "interpreted based on the current working directory." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "To require all file inclusions to name absolute paths, use the following " "directive:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "\\& .pragma [=] abspath:value" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "The default behavior, where the B is B or B, is to allow " "relative paths. To require all B<.include> pathnames to be absolute paths, " "use a B of B or B." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "In these files, the dollar sign, B<$>, is used to reference a variable, as " "described below. On some platforms, however, it is common to treat B<$> as " "a regular character in symbol names. Supporting this behavior can be done " "with the following directive:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "\\& .pragma [=] dollarid:value" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "The default behavior, where the B is B or B, is to treat " "the dollarsign as indicating a variable name; CW<\\*(C`foo$bar\\*(C'> is " "interpreted as \\&CW<\\*(C`foo\\*(C'> followed by the expansion of the " "variable CW<\\*(C`bar\\*(C'>. If B is \\&B or B, then " "CW<\\*(C`foo$bar\\*(C'> is a single seven-character name and variable " "expansions must be specified using braces or parentheses." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "\\& .pragma [=] includedir:value" msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "If a relative pathname is specified in the B<.include> directive, and the " "B environment variable doesn't exist, then the value " "of the B pragma, if it exists, is prepended to the pathname." msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "Settings" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "A configuration file is divided into a number of I. A section " "begins with the section name in square brackets, and ends when a new section " "starts, or at the end of the file. The section name can consist of " "alphanumeric characters and underscores. Whitespace between the name and " "the brackets is removed." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "The first section of a configuration file is special and is referred to as " "the B section. This section is usually unnamed and spans from the " "start of file until the first named section. When a name is being looked up, " "it is first looked up in the current or named section, and then the default " "section if necessary." msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "The environment is mapped onto a section called B." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "Within a section are a series of name/value assignments, described in more " "detail below. As a reminder, the square brackets shown in this example are " "required, not optional:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "\\& [ section ] \\& name1 = This is value1 \\& name2 = Another value " "\\& ... \\& [ newsection ] \\& name1 = New value1 \\& name3 = Value 3" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "The B can contain any alphanumeric characters as well as a few " "punctuation symbols such as B<.> B<,> B<;> and B<_>. Whitespace after the " "name and before the equal sign is ignored." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "If a name is repeated in the same section, then all but the last value are " "ignored. In certain circumstances, such as with Certificate DNs, the same " "field may occur multiple times. In order to support this, commands like " "B\\|(1) ignore any leading text that is preceded with a period. " "For example:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "\\& 1.OU = First OU \\& 2.OU = Second OU" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "The B consists of the string following the B<=> character until end " "of line with any leading and trailing whitespace removed." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "The value string undergoes variable expansion. The text CW<$var> or " "CW<\\*(C`${var}\\*(C'> inserts the value of the named variable from the " "current section. To use a value from another section use CW<$section::name> " "or CW<\\*(C`${section::name}\\*(C'>. By using CW<$ENV::name>, the value of " "the specified environment variable will be substituted." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "Variables must be defined before their value is referenced, otherwise an " "error is flagged and the file will not load. This can be worked around by " "specifying a default value in the B section before the variable is " "used." msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "Any name/value settings in an B section are available to the " "configuration file, but are not propagated to the environment." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "It is an error if the value ends up longer than 64k." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "It is possible to escape certain characters by using a single B<'> or double " "B<\"> quote around the value, or using a backslash B<\\e> before the " "character, By making the last character of a line a B<\\e> a B string " "can be spread across multiple lines. In addition the sequences B<\\en>, " "B<\\er>, B<\\eb> and B<\\et> are recognized." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "The expansion and escape rules as described above that apply to B " "also apply to the pathname of the B<.include> directive." msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "OPENSSL LIBRARY CONFIGURATION" msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "The sections below use the informal term I to refer to a part of the " "OpenSSL functionality. This is not the same as the formal term \\&I, for example." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "The OpenSSL configuration looks up the value of B in the " "default section and takes that as the name of a section that specifies how " "to configure any modules in the library. It is not an error to leave any " "module in its default configuration. An application can specify a different " "name by calling B, for example, directly." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "OpenSSL also looks up the value of B. If this exists " "and has a nonzero numeric value, any error suppressing flags passed to " "B will be ignored. This is useful for diagnosing " "misconfigurations but its use in production requires additional " "consideration. With this option enabled, a configuration error will " "completely prevent access to a service. Without this option and in the " "presence of a configuration error, access will be allowed but the desired " "configuration will B be used." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "\\& # These must be in the default section \\& config_diagnostics = 1 \\& " "openssl_conf = openssl_init \\& \\& [openssl_init] \\& oid_section = oids " "\\& providers = providers \\& alg_section = evp_properties \\& ssl_conf = " "ssl_configuration \\& engines = engines \\& random = random \\& \\& [oids] " "\\& ... new oids here ... \\& \\& [providers] \\& ... provider stuff " "here ... \\& \\& [evp_properties] \\& ... EVP properties here ... \\& \\& " "[ssl_configuration] \\& ... SSL/TLS configuration properties here ... \\& " "\\& [engines] \\& ... engine properties here ... \\& \\& [random] \\& ... " "random properties here ..." msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "The semantics of each module are described below. The phrase \"in the " "initialization section\" refers to the section identified by the " "\\&B or other name (given as B in the example " "above). The examples below assume the configuration above is used to " "specify the individual sections." msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "ASN.1 Object Identifier Configuration" msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "The name B in the initialization section names the section " "containing name/value pairs of OID's. The name is the short name; the value " "is an optional long name followed by a comma, and the numeric value. While " "some OpenSSL commands have their own section for specifying OID's, this " "section makes them available to all commands and applications." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "\\& [oids] \\& shortName = a very long OID name, 1.2.3.4 \\& newoid1 = " "1.2.3.4.1 \\& some_other_oid = 1.2.3.5" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "If a full configuration with the above fragment is in the file \\&I, then the following command line:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "\\& OPENSSL_CONF=example.cnf openssl asn1parse -genstr OID:1.2.3.4.1" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "will output:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "\\& 0:d=0 hl=2 l= 4 prim: OBJECT :newoid1" msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "showing that the OID \"newoid1\" has been added as \"1.2.3.4.1\"." msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "Provider Configuration" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "The name B in the initialization section names the section " "containing cryptographic provider configuration. The name/value assignments " "in this section each name a provider, and point to the configuration section " "for that provider. The provider-specific section is used to specify how to " "load the module, activate it, and set other parameters." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "Within a provider section, the following names have meaning:" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "B" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "Item" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "identity" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "This is used to specify an alternate name, overriding the default name " "specified in the list of providers. For example:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "\\& [providers] \\& foo = foo_provider \\& \\& [foo_provider] \\& identity = " "my_fips_module" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "B" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "module" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "Specifies the pathname of the module (typically a shared library) to load." msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "B" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "activate" msgstr "" #. type: Plain text #: archlinux msgid "" "If present and set to one of the values yes, on, true or 1, then the " "associated provider will be activated. Conversely, setting this value to no, " "off, false, or 0 will prevent the provider from being activated. Settings " "can be given in lower or uppercase. Setting activate to any other setting, " "or omitting a setting value will result in an error." msgstr "" #. type: Plain text #: archlinux msgid "= item B" msgstr "" #. type: Plain text #: archlinux msgid "" "If enabled, informs the library to clear the error stack on failure to " "activate requested provider. A value of 1, yes, true or on (in lower or " "uppercase) will activate this setting, while a value of 0, no, false, of off " "(again in lower or uppercase) will disable this setting. Any other value " "will produce an error. Note this setting defaults to off if not provided" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "All parameters in the section as well as sub-sections are made available to " "the provider." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "I" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "Default provider and its activation" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "If no providers are activated explicitly, the default one is activated " "implicitly. See B\\|(7) for more details." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "If you add a section explicitly activating any other provider(s), you most " "probably need to explicitly activate the default provider, otherwise it " "becomes unavailable in openssl. It may make the system remotely unavailable." msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "EVP Configuration" msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "The name B in the initialization section names the section " "containing algorithmic properties when using the B API." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "Within the algorithm properties section, the following names have meaning:" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "B" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "default_properties" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "The value may be anything that is acceptable as a property query string for " "B." msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "B (deprecated)" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "fips_mode (deprecated)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "The value is a boolean that can be B or B. If the value is " "\\&B, this is exactly equivalent to:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "\\& default_properties = fips=yes" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "If the value is B, nothing happens. Using this name is deprecated, and " "if used, it must be the only name in the section." msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "SSL Configuration" msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "The name B in the initialization section names the section " "containing the list of SSL/TLS configurations. As with the providers, each " "name in this section identifies a section with the configuration for that " "name. For example:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "\\& [ssl_configuration] \\& server = server_tls_config \\& client = " "client_tls_config \\& system_default = tls_system_default \\& \\& " "[server_tls_config] \\& ... configuration for SSL/TLS servers ... \\& \\& " "[client_tls_config] \\& ... configuration for SSL/TLS clients ..." msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "The configuration name B has a special meaning. If it " "exists, it is applied whenever an B object is created. For " "example, to impose system-wide minimum TLS and DTLS protocol versions:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "\\& [tls_system_default] \\& MinProtocol = TLSv1.2 \\& MinProtocol = DTLSv1.2" msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "The minimum TLS protocol is applied to B objects that are TLS-" "based, and the minimum DTLS protocol to those are DTLS-based. The same " "applies also to maximum versions set with B." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "Each configuration section consists of name/value pairs that are parsed by " "B, which will be called by B or " "\\&B, appropriately. Note that any characters before an " "initial dot in the configuration section are ignored, so that the same " "command can be used multiple times. This probably is most useful for loading " "different key types, as shown here:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "\\& [server_tls_config] \\& RSA.Certificate = server-rsa.pem \\& ECDSA." "Certificate = server-ecdsa.pem" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "Engine Configuration" msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "The name B in the initialization section names the section " "containing the list of ENGINE configurations. As with the providers, each " "name in this section identifies an engine with the configuration for that " "engine. The engine-specific section is used to specify how to load the " "engine, activate it, and set other parameters." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "Within an engine section, the following names have meaning:" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "B" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "engine_id" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "This is used to specify an alternate name, overriding the default name " "specified in the list of engines. If present, it must be first. For example:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "\\& [engines] \\& foo = foo_engine \\& \\& [foo_engine] \\& engine_id = myfoo" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "B" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "dynamic_path" msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "This loads and adds an ENGINE from the given path. It is equivalent to " "sending the ctrls B with the path argument followed by B " "with value B<2> and B to the dynamic ENGINE. If this is not the " "required behaviour then alternative ctrls can be sent directly to the " "dynamic ENGINE using ctrl commands." msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "B" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "init" msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "This specifies whether to initialize the ENGINE. If the value is B<0> the " "ENGINE will not be initialized, if the value is B<1> an attempt is made to " "initialize the ENGINE immediately. If the B command is not present " "then an attempt will be made to initialize the ENGINE after all commands in " "its section have been processed." msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "B" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "default_algorithms" msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "This sets the default algorithms an ENGINE will supply using the function " "\\&B." msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "All other names are taken to be the name of a ctrl command that is sent to " "the ENGINE, and the value is the argument passed with the command. The " "special value B means no value is sent with the command. For example:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "\\& [engines] \\& foo = foo_engine \\& \\& [foo_engine] \\& dynamic_path = /" "some/path/fooengine.so \\& some_ctrl = some_value \\& default_algorithms = " "ALL \\& other_ctrl = EMPTY" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "Random Configuration" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "The name B in the initialization section names the section " "containing the random number generator settings." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "Within the random section, the following names have meaning:" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "B" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "random" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "This is used to specify the random bit generator. For example:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "\\& [random] \\& random = CTR-DRBG" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "The available random bit generators are:" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "B" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "CTR-DRBG" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "B" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "HASH-DRBG" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "B" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "HMAC-DRBG" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "B" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "cipher" msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "This specifies what cipher a B random bit generator will use. " "Other random bit generators ignore this name. The default value is " "B." msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "B" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "digest" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "This specifies what digest the B or B random bit " "generators will use. Other random bit generators ignore this name." msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "B" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "properties" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "This sets the property query used when fetching the random bit generator and " "any underlying algorithms." msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "B" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "seed" msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "This sets the randomness source that should be used. By default B " "will be used outside of the FIPS provider. The FIPS provider uses call " "backs to access the same randomness sources from outside the validated " "boundary." msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "B" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "seed_properties" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "This sets the property query used when fetching the randomness source." msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "EXAMPLES" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "This example shows how to use quoting and escaping." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "\\& # This is the default section. \\& HOME = /temp \\& configdir = $ENV::" "HOME/config \\& \\& [ section_one ] \\& # Quotes permit leading and trailing " "whitespace \\& any = \" any variable name \" \\& other = A string that can " "\\e \\& cover several lines \\e \\& by including \\e\\e characters \\& " "message = Hello World\\en \\& \\& [ section_two ] \\& greeting = " "$section_one::message" msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "This example shows how to expand environment variables safely. In this " "example, the variable B is intended to refer to a temporary file, " "and the environment variable B or \\&B, if present, specify the " "directory where the file should be put. Since the default section is " "checked if a variable does not exist, it is possible to set B to " "default to I, and \\&B to default to B." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "\\& # These two lines must be in the default section. \\& TMP = /tmp \\& " "TEMP = $ENV::TMP \\& \\& # This can be used anywhere \\& tmpfile = ${ENV::" "TEMP}/tmp.filename" msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "This example shows how to enforce FIPS mode for the application \\&I." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "\\& sample = fips_config \\& \\& [fips_config] \\& alg_section = " "evp_properties \\& \\& [evp_properties] \\& default_properties = \"fips=yes\"" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "ENVIRONMENT" msgstr "" #. type: IP #: archlinux debian-unstable #, no-wrap msgid "B" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "OPENSSL_CONF" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "The path to the config file, or the empty string for none. Ignored in set-" "user-ID and set-group-ID programs." msgstr "" #. type: IP #: archlinux debian-unstable #, no-wrap msgid "B" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "OPENSSL_ENGINES" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "The path to the engines directory. Ignored in set-user-ID and set-group-ID " "programs." msgstr "" #. type: IP #: archlinux debian-unstable #, no-wrap msgid "B" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "OPENSSL_MODULES" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "The path to the directory with OpenSSL modules, such as providers. Ignored " "in set-user-ID and set-group-ID programs." msgstr "" #. type: IP #: archlinux debian-unstable #, no-wrap msgid "B" msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "OPENSSL_CONF_INCLUDE" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "The optional path to prepend to all B<.include> paths." msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "BUGS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "There is no way to include characters using the octal B<\\ennn> form. " "Strings are all null terminated so nulls cannot form part of the value." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "The escaping isn't quite right: if you want to use sequences like B<\\en> " "you can't use any quote escaping on the same line." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "The limit that only one directory can be opened and read at a time can be " "considered a bug and should be fixed." msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "HISTORY" msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "An undocumented API, B, used a slightly different set of " "parsing rules there were intended to be tailored to the Microsoft Windows " "platform. Specifically, the backslash character was not an escape character " "and could be used in pathnames, only the double-quote character was " "recognized, and comments began with a semi-colon. This function was " "deprecated in OpenSSL 3.0; applications with configuration files using that " "syntax will have to be modified." msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "SEE ALSO" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "" "\\&B\\|(1), B\\|(1), B\\|(1), " "\\&B\\|(1), \\&B\\|(3), " "\\&B\\|(3), \\&B\\|(3), " "\\&B\\|(3), \\&B\\|(5), and " "\\&B\\|(5)." msgstr "" #. type: IX #: archlinux debian-bookworm debian-unstable #, no-wrap msgid "COPYRIGHT" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable msgid "Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved." msgstr "" #. type: Plain text #: archlinux debian-unstable msgid "" "Licensed under the Apache License 2.0 (the \"License\"). You may not use " "this file except in compliance with the License. You can obtain a copy in " "the file LICENSE in the source distribution or at Ehttps://www.openssl." "org/source/license.htmlE." msgstr "" #. type: ds C+ #: debian-bookworm #, no-wrap msgid "C\\v'-.1v'\\h'-1p'\\s-2+\\h'-1p'+\\s0\\v'.1v'\\h'-1p'" msgstr "" #. type: ds : #: debian-bookworm #, no-wrap msgid "\\k:\\h'-(\\n(.wu*8/10-\\*(#H+.1m+\\*(#F)'\\v'-\\*(#V'\\z.\\h'.2m+\\*(#F'.\\h'|\\n:u'\\v'\\*(#V'" msgstr "" #. type: ds 8 #: debian-bookworm #, no-wrap msgid "\\h'\\*(#H'\\(*b\\h'-\\*(#H'" msgstr "" #. type: ds o #: debian-bookworm #, no-wrap msgid "\\k:\\h'-(\\n(.wu+\\w'\\(de'u-\\*(#H)/2u'\\v'-.3n'\\*(#[\\z\\(de\\v'.3n'\\h'|\\n:u'\\*(#]" msgstr "" #. type: ds d- #: debian-bookworm #, no-wrap msgid "\\h'\\*(#H'\\(pd\\h'-\\w'~'u'\\v'-.25m'I<\\(hy>\\v'.25m'\\h'-\\*(#H'" msgstr "" #. type: ds D- #: debian-bookworm #, no-wrap msgid "D\\k:\\h'-\\w'D'u'\\v'-.11m'\\z\\(hy\\v'.11m'\\h'|\\n:u'" msgstr "" #. type: ds th #: debian-bookworm #, no-wrap msgid "\\*(#[\\v'.3m'\\s+1I\\s-1\\v'-.3m'\\h'-(\\w'I'u*2/3)'\\s-1o\\s+1\\*(#]" msgstr "" #. type: ds Th #: debian-bookworm #, no-wrap msgid "\\*(#[\\s+2I\\s-2\\h'-\\w'I'u*3/5'\\v'-.3m'o\\v'.3m'\\*(#]" msgstr "" #. type: ds ae #: debian-bookworm #, no-wrap msgid "a\\h'-(\\w'a'u*4/10)'e" msgstr "" #. type: ds Ae #: debian-bookworm #, no-wrap msgid "A\\h'-(\\w'A'u*4/10)'E" msgstr "" #. ======================================================================== #. type: IX #: debian-bookworm debian-unstable #, no-wrap msgid "CONFIG 5SSL" msgstr "" #. type: TH #: debian-bookworm #, no-wrap msgid "2023-10-23" msgstr "" #. type: TH #: debian-bookworm #, no-wrap msgid "3.0.11" msgstr "" #. type: Plain text #: debian-bookworm msgid "" "The first part describes the general syntax of the configuration files, and " "subsequent sections describe the semantics of individual modules. Other " "modules are described in B\\|(5) and \\&B\\|" "(5). The syntax for defining \\s-1ASN.1\\s0 values is described in " "\\&B\\|(3)." msgstr "" #. type: Plain text #: debian-bookworm msgid "" "If B is a simple filename, that file is included directly at that " "point. Included files can have B<.include> statements that specify other " "files. If B is a directory, all files within that directory that " "have a CW<\\*(C`.cnf\\*(C'> or CW<\\*(C`.conf\\*(C'> extension will be " "included. (This is only available on systems with \\s-1POSIX IO\\s0 " "support.) Any sub-directories found inside the B are B. " "Similarly, if a file is opened while scanning a directory, and that file has " "an B<.include> directive that specifies a directory, that is also ignored." msgstr "" #. type: Plain text #: debian-bookworm msgid "" "As a general rule, the B should be an absolute path; this can be " "enforced with the B and B pragmas, described below. " "The environment variable B<\\s-1OPENSSL_CONF_INCLUDE\\s0>, if it exists, is " "prepended to all relative pathnames. If the pathname is still relative, it " "is interpreted based on the current working directory." msgstr "" #. type: Plain text #: debian-bookworm msgid "" "If a relative pathname is specified in the B<.include> directive, and the " "B<\\s-1OPENSSL_CONF_INCLUDE\\s0> environment variable doesn't exist, then " "the value of the B pragma, if it exists, is prepended to the " "pathname." msgstr "" #. type: Plain text #: debian-bookworm msgid "The environment is mapped onto a section called B<\\s-1ENV\\s0>." msgstr "" #. type: Plain text #: debian-bookworm msgid "" "Any name/value settings in an B<\\s-1ENV\\s0> section are available to the " "configuration file, but are not propagated to the environment." msgstr "" #. type: Plain text #: debian-bookworm msgid "" "The sections below use the informal term I to refer to a part of the " "OpenSSL functionality. This is not the same as the formal term " "\\&I<\\s-1FIPS\\s0 module>, for example." msgstr "" #. type: Plain text #: debian-bookworm msgid "" "The semantics of each module are described below. The phrase \\*(L\"in the " "initialization section\\*(R\" refers to the section identified by the " "\\&B or other name (given as B in the example " "above). The examples below assume the configuration above is used to " "specify the individual sections." msgstr "" #. type: SS #: debian-bookworm #, no-wrap msgid "\\s-1ASN.1\\s0 Object Identifier Configuration" msgstr "" #. type: Plain text #: debian-bookworm msgid "" "The name B in the initialization section names the section " "containing name/value pairs of \\s-1OID\\s0's. The name is the short name; " "the value is an optional long name followed by a comma, and the numeric " "value. While some OpenSSL commands have their own section for specifying " "\\s-1OID\\s0's, this section makes them available to all commands and " "applications." msgstr "" #. type: Plain text #: debian-bookworm msgid "" "showing that the \\s-1OID\\s0 \\*(L\"newoid1\\*(R\" has been added as " "\\*(L\"1.2.3.4.1\\*(R\"." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "If present, the module is activated. The value assigned to this name is not " "significant." msgstr "" #. type: SS #: debian-bookworm #, no-wrap msgid "\\s-1EVP\\s0 Configuration" msgstr "" #. type: Plain text #: debian-bookworm msgid "" "The name B in the initialization section names the section " "containing algorithmic properties when using the B<\\s-1EVP\\s0> \\s-1API." "\\s0" msgstr "" #. type: SS #: debian-bookworm #, no-wrap msgid "\\s-1SSL\\s0 Configuration" msgstr "" #. type: Plain text #: debian-bookworm msgid "" "The name B in the initialization section names the section " "containing the list of \\s-1SSL/TLS\\s0 configurations. As with the " "providers, each name in this section identifies a section with the " "configuration for that name. For example:" msgstr "" #. type: Plain text #: debian-bookworm msgid "" "The configuration name B has a special meaning. If it " "exists, it is applied whenever an B<\\s-1SSL_CTX\\s0> object is created. " "For example, to impose system-wide minimum \\s-1TLS\\s0 and \\s-1DTLS\\s0 " "protocol versions:" msgstr "" #. type: Plain text #: debian-bookworm msgid "" "The minimum \\s-1TLS\\s0 protocol is applied to B<\\s-1SSL_CTX\\s0> objects " "that are TLS-based, and the minimum \\s-1DTLS\\s0 protocol to those are DTLS-" "based. The same applies also to maximum versions set with B." msgstr "" #. type: Plain text #: debian-bookworm msgid "" "The name B in the initialization section names the section " "containing the list of \\s-1ENGINE\\s0 configurations. As with the " "providers, each name in this section identifies an engine with the " "configuration for that engine. The engine-specific section is used to " "specify how to load the engine, activate it, and set other parameters." msgstr "" #. type: Plain text #: debian-bookworm msgid "" "This loads and adds an \\s-1ENGINE\\s0 from the given path. It is equivalent " "to sending the ctrls B<\\s-1SO_PATH\\s0> with the path argument followed by " "B<\\s-1LIST_ADD\\s0> with value B<2> and B<\\s-1LOAD\\s0> to the dynamic " "\\s-1ENGINE.\\s0 If this is not the required behaviour then alternative " "ctrls can be sent directly to the dynamic \\s-1ENGINE\\s0 using ctrl " "commands." msgstr "" #. type: Plain text #: debian-bookworm msgid "" "This specifies whether to initialize the \\s-1ENGINE.\\s0 If the value is " "B<0> the \\&\\s-1ENGINE\\s0 will not be initialized, if the value is B<1> an " "attempt is made to initialize the \\s-1ENGINE\\s0 immediately. If the " "B command is not present then an attempt will be made to initialize " "the \\s-1ENGINE\\s0 after all commands in its section have been processed." msgstr "" #. type: Plain text #: debian-bookworm msgid "" "This sets the default algorithms an \\s-1ENGINE\\s0 will supply using the " "function \\&B." msgstr "" #. type: Plain text #: debian-bookworm msgid "" "All other names are taken to be the name of a ctrl command that is sent to " "the \\s-1ENGINE,\\s0 and the value is the argument passed with the command. " "The special value B<\\s-1EMPTY\\s0> means no value is sent with the " "command. For example:" msgstr "" #. type: Plain text #: debian-bookworm msgid "" "This specifies what cipher a B random bit generator will use. " "Other random bit generators ignore this name. The default value is " "B<\\s-1AES-256-CTR\\s0>." msgstr "" #. type: Plain text #: debian-bookworm msgid "" "This sets the randomness source that should be used. By default B " "will be used outside of the \\s-1FIPS\\s0 provider. The \\s-1FIPS\\s0 " "provider uses call backs to access the same randomness sources from outside " "the validated boundary." msgstr "" #. type: Plain text #: debian-bookworm msgid "" "This example shows how to expand environment variables safely. In this " "example, the variable B is intended to refer to a temporary file, " "and the environment variable B<\\s-1TEMP\\s0> or \\&B<\\s-1TMP\\s0>, if " "present, specify the directory where the file should be put. Since the " "default section is checked if a variable does not exist, it is possible to " "set B<\\s-1TMP\\s0> to default to I, and \\&B<\\s-1TEMP\\s0> to " "default to B<\\s-1TMP\\s0>." msgstr "" #. type: Plain text #: debian-bookworm msgid "" "This example shows how to enforce \\s-1FIPS\\s0 mode for the application " "\\&I." msgstr "" #. type: IP #: debian-bookworm #, no-wrap msgid "B<\\s-1OPENSSL_CONF\\s0>" msgstr "" #. type: IP #: debian-bookworm #, no-wrap msgid "B<\\s-1OPENSSL_ENGINES\\s0>" msgstr "" #. type: IP #: debian-bookworm #, no-wrap msgid "B<\\s-1OPENSSL_MODULES\\s0>" msgstr "" #. type: IP #: debian-bookworm #, no-wrap msgid "B<\\s-1OPENSSL_CONF_INCLUDE\\s0>" msgstr "" #. type: Plain text #: debian-bookworm msgid "" "An undocumented \\s-1API, B, used a slightly different " "set of parsing rules there were intended to be tailored to the Microsoft " "Windows platform. Specifically, the backslash character was not an escape " "character and could be used in pathnames, only the double-quote character " "was recognized, and comments began with a semi-colon. This function was " "deprecated in OpenSSL 3.0; applications with configuration files using that " "syntax will have to be modified." msgstr "" #. type: Plain text #: debian-bookworm msgid "" "Licensed under the Apache License 2.0 (the \\*(L\"License\\*(R\"). You may " "not use this file except in compliance with the License. You can obtain a " "copy in the file \\s-1LICENSE\\s0 in the source distribution or at " "Ehttps://www.openssl.org/source/license.htmlE." msgstr "" #. type: TH #: debian-unstable #, no-wrap msgid "2024-04-04" msgstr "" #. type: TH #: debian-unstable #, no-wrap msgid "3.2.2-dev" msgstr ""