blob: 9fe9cdf590cdbf0451180be3e3b74cbb049a9e79 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz <cotequeiroz@gmail.com>
Date: Sat, 27 Mar 2021 17:43:25 -0300
Subject: openssl.cnf: add engine configuration
This adds configuration options for engines, loading all cnf files under
/etc/ssl/engines.cnf.d/.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -52,10 +52,13 @@ tsa_policy3 = 1.2.3.4.5.7
[openssl_init]
providers = provider_sect
+engines = engines_sect
# List of providers to load
[provider_sect]
default = default_sect
+.include /var/etc/ssl/providers.cnf
+
# The fips section name should match the section name inside the
# included fipsmodule.cnf.
# fips = fips_sect
@@ -69,7 +72,13 @@ default = default_sect
# OpenSSL may not work correctly which could lead to significant system
# problems including inability to remotely access the system.
[default_sect]
-# activate = 1
+activate = 1
+
+[engines_sect]
+.include /var/etc/ssl/engines.cnf
+
+.include /etc/ssl/modules.cnf.d
+
####################################################################
|