author | Eneas U de Queiroz <cotequeiroz@gmail.com> | 2023-03-14 18:51:45 -0300 |
---|---|---|
committer | Eneas U de Queiroz <cotequeiroz@gmail.com> | 2023-04-05 08:24:49 -0300 |
commit | 0b70d55a64c39da4144cc15aa7d6de70a3957ccb (patch) | |
tree | 1c1b0fdc037de5386abdd581d2039b5f3db30db2 /package/libs/openssl/files | |
parent | 975036f6f9c8b12fbf82854ea006b4951c5be783 (diff) | |
openssl: make UCI config aware of built-in engines
Engines that are built into the main libcrypto OpenSSL library can't be
disabled through UCI. Add a 'builtin' setting to signal that the engine
can't be disabled through UCI, and show a message explaining this in
case builtin=1 and enabled=0.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Diffstat (limited to 'package/libs/openssl/files')
-rwxr-xr-x | package/libs/openssl/files/openssl.init | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/package/libs/openssl/files/openssl.init b/package/libs/openssl/files/openssl.init
index 21e253e7a5..f895b9878c 100755
--- a/package/libs/openssl/files/openssl.init
+++ b/package/libs/openssl/files/openssl.init
@@ -6,15 +6,26 @@ ENGINES_CNF="/var/etc/ssl/engines.cnf"
 ENGINES_DIR="%ENGINES_DIR%"
 config_engine() {
- local enabled force
+ local builtin enabled force
+
+ config_get_bool builtin "$1" builtin 0
 config_get_bool enabled "$1" enabled 1
 config_get_bool force "$1" force 0
- [ "$enabled" = 0 ] && return
- if [ "$force" = 0 ] && \
- [ ! -f "${ENGINES_CNF_D}/$1.cnf" ] && \
- [ ! -f "${ENGINES_DIR}/$1.so" ]; then
- echo Skipping engine "$1": not installed
- return
+
+ if [ "$enabled" = 0 ]; then
+ [ "$builtin" != 1 ] && return 1
+ echo "Engine $1 is built into the libcrypto library and can't be disabled through UCI." && \
+ echo "If the engine was not built-in, remove 'config builtin' from /etc/config/openssl."
+ elif [ "$force" = 1 ]; then
+ printf "[Forced] "
+ elif ! grep -q "\\[ *$1 *]" "${ENGINES_CNF_D}"/*; then
+ echo "$1: Could not find section [$1] in config files."
+ return 1
+ elif [ "$builtin" = 1 ]; then
+ printf "[Builtin] "
+ elif [ ! -f "${ENGINES_DIR}/$1.so" ];then
+ echo "$1: ${ENGINES_DIR}/$1.so not found."
+ return 1
 fi
 echo Enabling engine "$1"
 echo "$1=$1" >> "${ENGINES_CNF}" |
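Review bot: The section check `grep -q "\\[ *$1 *]" "${ENGINES_CNF_D}"/*` is unanchored, so it also succeeds on a commented-out header such as `# [name]` or on the bracketed name appearing in the middle of a line, and the engine is then appended to engines.cnf although no active section defines it. Anchoring the pattern to the start of the line would make the check mean what the error message says, and silencing grep covers the case where the directory is empty and the glob stays literal: `elif ! grep -q "^[[:space:]]*\\[ *$1 *]" "${ENGINES_CNF_D}"/* 2>/dev/null; then`. The `builtin` branch returns before the `.so` test, so a stale `builtin=1` on an engine that is not compiled in would presumably enable an entry with no library behind it; a short comment above that branch saying the flag is trusted as-is would help the next reader. The body of config_engine continues past the end of this hunk.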