Next: , Previous: , Up: Top   [Contents][Index]


8 System-wide configuration of the library

GnuTLS 3.6.9 introduced a system-wide configuration of the library which can be used to disable or mark algorithms and protocols as insecure system-wide, overriding the library defaults. The format of this configuration file is of an INI file, with the hash (’#’) allowed for commenting. It intentionally does not allow switching algorithms or protocols which were disabled or marked as insecure during compile time to the secure set. This is to prevent the feature from being used to attack the system. Unknown options or sections in the configuration file are skipped unless the environment variable GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID is set to 1, where it would cause the library to exit on unknown options.

The location of the default configuration file is /etc/gnutls/config, but its actual location may be overriden during compile time or at run-time using the GNUTLS_SYSTEM_PRIORITY_FILE environment variable. The file used can be queried using gnutls_get_system_config_file.

Function: const char * gnutls_get_system_config_file ( void)

Returns the filename of the system wide configuration file loaded by the library. The returned pointer is valid until the library is unloaded.

Returns: a constant pointer to the config file loaded, or NULL if none

Since: 3.6.9


Next: , Previous: , Up: Top   [Contents][Index]