GnuTLS 3.6.9 introduced a system-wide configuration file for the library,
which can be used to disable algorithms and protocols, or mark them as
insecure, system-wide, overriding the library defaults. The configuration
file uses the INI format, with the hash ('#') character allowed for
comments. It intentionally does not allow algorithms or protocols that were
disabled or marked as insecure at compile time to be switched back to the
secure set. This prevents the feature from being used to attack the system.

Unknown options or sections in the configuration file are skipped unless
the environment variable GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID is set to 1,
in which case the library exits on unknown options.

The default location of the configuration file is /etc/gnutls/config,
but the actual location may be overridden at compile time or at run-time
using the GNUTLS_SYSTEM_PRIORITY_FILE environment variable. The file
in use can be queried using gnutls_get_system_config_file.
gnutls_get_system_config_file: Returns the filename of the system-wide configuration file to be loaded by the library.

Returns: a constant pointer to the config file path

Since: 3.6.9
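
As an added example (not part of the GnuTLS manual or code base), the shell functions below resolve which configuration file the environment variables described above select, report whether unknown entries are fatal, and list every setting in that file. They assume the compiled-in default is still /etc/gnutls/config and treat only whole-line '#' comments as comments; all function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise the GnuTLS system-wide configuration that a
# process started from this environment would be pointed at.
# Assumption: the build kept the documented default path; a path changed at
# compile time is only visible through gnutls_get_system_config_file.
GNUTLS_DEFAULT_CONFIG=/etc/gnutls/config

# Print the run-time override if set, otherwise the documented default.
gnutls_config_path() {
    printf '%s\n' "${GNUTLS_SYSTEM_PRIORITY_FILE:-$GNUTLS_DEFAULT_CONFIG}"
}

# Print "strict" when unknown options make the library exit, else "lenient".
gnutls_config_mode() {
    if [ "${GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID:-}" = "1" ]; then
        echo strict
    else
        echo lenient
    fi
}

# Emit one "section<TAB>key<TAB>value" line per setting in the INI file $1,
# skipping blank lines and lines that start with a hash.
gnutls_config_settings() {
    awk '
        { sub(/\r$/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^#/ || /^$/ { next }
        /^\[.*\]$/ { section = substr($0, 2, length($0) - 2); next }
        {
            eq = index($0, "=")
            if (eq == 0) { next }
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            sub(/[ \t]+$/, "", key); sub(/^[ \t]+/, "", val)
            printf "%s\t%s\t%s\n", section, key, val
        }
    ' "$1"
}

# Human-readable report for the file selected by the current environment.
gnutls_config_report() {
    path=$(gnutls_config_path)
    echo "config file: $path (unknown entries: $(gnutls_config_mode))"
    if [ -r "$path" ]; then
        gnutls_config_settings "$path"
    else
        echo "file is absent or not readable by this user"
    fi
}

gnutls_config_report
```

Running it from a service's own environment (for example, with the variables from its unit file exported) shows whether GNUTLS_SYSTEM_PRIORITY_FILE is redirecting that service away from the system-wide file.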