From 0134f845dab95e0e7f885f4e227d9a41aedf909d Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz
Date: Sun, 20 Feb 2022 21:09:30 -0300
Subject: openssl: configure engines with uci
This uses uci to configure engines, by generating a list of enabled engines in /var/etc/ssl/engines.cnf from engines configured in /etc/config/openssl: config engine 'devcrypto' option enabled '1' Currently the only options implemented are 'enabled', which defaults to true and enables the named engine, and the 'force' option, that enables the engine even if the init script thinks the engine does not exist. The existence test is to check for either a configuration file /etc/ssl/engines.cnf.d/%ENGINE%.cnf, or a shared object file /usr/lib/engines-1.1/%ENGINE%.so. The engine list is generated by an init script which is set to run after 'log' because it informs the engines being enabled or skipped. It should run before any service using OpenSSL as the crypto library, otherwise the service will not use any engine.
Signed-off-by: Eneas U de Queiroz
---
package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'package/libs/openssl/patches')
diff --git a/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch b/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch
index 3db7a19212..8851116347 100644
--- a/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch
+++ b/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch
@@ -11,7 +11,7 @@ Signed-off-by: Eneas U de Queiroz
 diff --git a/apps/openssl.cnf b/apps/openssl.cnf
 --- a/apps/openssl.cnf
 +++ b/apps/openssl.cnf
-@@ -22,6 +22,13 @@ oid_section = new_oids
+@@ -22,6 +22,16 @@ oid_section = new_oids
 # (Alternatively, use a configuration file that has only
 # X.509v3 extensions in its main [= default] section.)
@@ -20,6 +20,9 @@
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
 +[openssl_conf]
 +engines=engines
 +
++[engines]
++.include /var/etc/ssl/engines.cnf
++
 +.include /etc/ssl/engines.cnf.d
 +
 [ new_oids ]
-- cgit v1.2.3
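Review bot: The added `.include /var/etc/ssl/engines.cnf` under `[engines]` pulls a file generated at runtime into the configuration that every libcrypto consumer parses, and nothing in the hunk says who writes that file or what it may contain. Entries in this section decide which engine modules are loaded into those processes, so the generator should create /var/etc/ssl and the file owned by root, not writable by group or others, and replace the file atomically rather than editing it in place. The generator is the init script described in the commit message; it is not visible here because the diff is limited to the patches directory. I would add a comment line above the include, `# Generated by the init script from /etc/config/openssl; root-writable only, holds only name=section lines for [engines]`. It is also worth confirming that a missing include file is tolerated by the OpenSSL version in use, since programs started before the init script will parse the configuration without it.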