NAME

openssl-env - OpenSSL environment variables

DESCRIPTION

The OpenSSL libraries use environment variables to override the compiled-in default paths for various data. To avoid security risks, the environment is usually not consulted when the executable is set-user-ID or set-group-ID.

CTLOG_FILE

Specifies the path to a certificate transparency log list. See CTLOG_STORE_new(3).

OPENSSL

Specifies the path to the openssl executable. Used by the rehash script (see "Script Configuration" in openssl-rehash(1)) and by the CA.pl script (see "NOTES" in CA.pl(1)

OPENSSL_CONF, OPENSSL_CONF_INCLUDE

Specifies the path to a configuration file and the directory for included files. See config(5).

OPENSSL_CONFIG

Specifies a configuration option and filename for the req and ca commands invoked by the CA.pl script. See CA.pl(1).

OPENSSL_ENGINES

Specifies the directory from which dynamic engines are loaded. See openssl-engine(1).

OPENSSL_MALLOC_FD, OPENSSL_MALLOC_FAILURES

If built with debugging, this allows memory allocation to fail. See OPENSSL_malloc(3).

OPENSSL_MODULES

Specifies the directory from which cryptographic providers are loaded. Equivalently, the generic -provider-path command-line option may be used.

OPENSSL_WIN32_UTF8

If set, then UI_OpenSSL(3) returns UTF-8 encoded strings, rather than ones encoded in the current code page, and the openssl(1) program also transcodes the command-line parameters from the current code page to UTF-8. This environment variable is only checked on Microsoft Windows platforms.

RANDFILE

The state file for the random number generator. This should not be needed in normal use. See RAND_load_file(3).

SSL_CERT_DIR, SSL_CERT_FILE

Specify the default directory or file containing CA certificates. See SSL_CTX_load_verify_locations(3).

TSGET

Additional arguments for the tsget(1) command.

OPENSSL_ia32cap, OPENSSL_sparcv9cap, OPENSSL_ppccap, OPENSSL_armcap, OPENSSL_s390xcap, OPENSSL_riscvcap

OpenSSL supports a number of different algorithm implementations for various machines and, by default, it determines which to use based on the processor capabilities and run time feature enquiry. These environment variables can be used to exert more control over this selection process. See OPENSSL_ia32cap(3), OPENSSL_s390xcap(3).

NO_PROXY, HTTPS_PROXY, HTTP_PROXY

Specify a proxy hostname. See OSSL_HTTP_parse_url(3).

QLOGDIR

Specifies a QUIC qlog output directory. See openssl-qlog(7).

OSSL_QFILTER

Used to set a QUIC qlog filter specification. See openssl-qlog(7).

COPYRIGHT

Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.