authorEneas U de Queiroz <cotequeiroz@gmail.com>2022-02-20 21:09:30 -0300
committerPetr Štetiar <ynezz@true.cz>2022-02-22 16:37:23 +0100
commit0134f845dab95e0e7f885f4e227d9a41aedf909d (patch)
treea7486ce3e7805990b2eb930902ec8ad4a68ba2c3 /package/libs/openssl/Makefile
parent30b0351039850d01c382b745a1f40b81b4be2a93 (diff)
openssl: configure engines with uci
This uses uci to configure engines, by generating a list of enabled engines in /var/etc/ssl/engines.cnf from engines configured in /etc/config/openssl:

    config engine 'devcrypto'
            option enabled '1'

Currently the only options implemented are 'enabled', which defaults to true and enables the named engine, and the 'force' option, that enables the engine even if the init script thinks the engine does not exist.

The existence test is to check for either a configuration file /etc/ssl/engines.cnf.d/%ENGINE%.cnf, or a shared object file /usr/lib/engines-1.1/%ENGINE%.so.

The engine list is generated by an init script which is set to run after 'log' because it informs the engines being enabled or skipped. It should run before any service using OpenSSL as the crypto library, otherwise the service will not use any engine.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Diffstat (limited to 'package/libs/openssl/Makefile')
-rw-r--r--package/libs/openssl/Makefile13
1 files changed, 7 insertions, 6 deletions
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index 3a0666ff8e..8ca4d83380 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -11,7 +11,7 @@ PKG_NAME:=openssl
PKG_BASE:=1.1.1
PKG_BUGFIX:=m
PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_USE_MIPS16:=0
PKG_BUILD_PARALLEL:=1
@@ -128,7 +128,6 @@ endef
define Package/libopenssl-conf/conffiles
/etc/ssl/openssl.cnf
-/etc/ssl/engines.cnf.d/engines.cnf
$(if CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO,/etc/ssl/engines.cnf.d/devcrypto.cnf)
$(if CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK,/etc/ssl/engines.cnf.d/padlock.cnf)
endef
@@ -378,15 +377,17 @@ define Package/libopenssl/install
endef
define Package/libopenssl-conf/install
- $(INSTALL_DIR) $(1)/etc/ssl/engines.cnf.d
+ $(INSTALL_DIR) $(1)/etc/ssl/engines.cnf.d $(1)/etc/config $(1)/etc/init.d
$(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/
- $(CP) ./files/engines.cnf $(1)/etc/ssl/engines.cnf.d/
+ $(INSTALL_BIN) ./files/openssl.init $(1)/etc/init.d/openssl
+ $(SED) 's!%ENGINES_DIR%!/usr/lib/$(ENGINES_DIR)!' $(1)/etc/init.d/openssl
+ touch $(1)/etc/config/openssl
$(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),
$(CP) ./files/devcrypto.cnf $(1)/etc/ssl/engines.cnf.d/
- echo devcrypto=devcrypto >> $(1)/etc/ssl/engines.cnf.d/engines.cnf)
+ echo -e "config engine 'devcrypto'\n\toption enabled '1'" >> $(1)/etc/config/openssl)
$(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK),
$(CP) ./files/padlock.cnf $(1)/etc/ssl/engines.cnf.d/
- echo padlock=padlock >> $(1)/etc/ssl/engines.cnf.d/engines.cnf)
+ echo -e "\nconfig engine 'padlock'\n\toption enabled '1'" >> $(1)/etc/config/openssl)
endef
define Package/openssl-util/install
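Review bot: `/etc/config/openssl` is created in `Package/libopenssl-conf/install` with `touch` and filled with `echo ... >>`, but the conffiles hunk above only drops `engines.cnf` and does not list the new file, so unless the build system registers it elsewhere a package upgrade may replace a user's engine selection with the shipped default. Per the commit message this file now decides which engine modules are enabled for every service using OpenSSL (including through `force`), so I would add `/etc/config/openssl` to `Package/libopenssl-conf/conffiles`. The file's mode currently follows the builder's umask; assembling it in the build directory and installing it with `$(INSTALL_CONF)` would make the permissions explicit. The two `echo -e` lines also rely on the recipe shell's `echo` accepting `-e`; `printf "config engine 'devcrypto'\n\toption enabled '1'\n"` does not have that dependency.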