Hi!

I very much would like to see an option in the config script to specify
the directory for certificates/keys instead of just using openssldir.

Reason: we always install packages in version dependent directories (e.g.
/usr/local/openssl-0.9.6d) to be able to maintain several versions in
parallel. Currently, openssl uses openssldir in crypto/cryptlib.h.
openssldir contains some architecture independent, but version dependent
files (misc...), therefore openssldir must still contain the version
number.

The patch below adds an option --certdir to the Configure script to
specify a separate directory for certificates and keys (e.g.
--certdir=/usr/local/openssl, which then uses /usr/local/openssl/certs
and /usr/local/openssl/private).

Result: You can install openssl in version dependent directories and still
maintain a common place for certificates.

Maybe the patch makes it into the contribution.

Cheers,

Gerald



diff -c -r openssl-0.9.6d/Configure openssl-0.9.6d.NEW/Configure
*** openssl-0.9.6d/Configure    Fri May 10 01:05:49 2002
--- openssl-0.9.6d.NEW/Configure        Thu Jun 27 15:24:49 2002
***************
*** 10,16 ****

  # see INSTALL for instructions.

! my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] 
[-Kxxx] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] 
[--openssldir=OPENSSLDIR] [--test-sanity] os/compiler[:flags]\n";

  # Options:
  #
--- 10,16 ----

  # see INSTALL for instructions.

! my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] 
[-Kxxx] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] 
[--openssldir=OPENSSLDIR] [--certdir=CERTDIR] [--test-sanity] os/compiler[:flags]\n";

  # Options:
  #
***************
*** 18,23 ****
--- 18,25 ----
  #               --prefix option is given; /usr/local/ssl otherwise)
  # --prefix      prefix for the OpenSSL include, lib and bin directories
  #               (Default: the OPENSSLDIR directory)
+ # --certdir     common directory for certificates and private keys
+ #               (Default: the OPENSSLDIR directory)
  #
  # --install_prefix  Additional prefix for package builders (empty by
  #               default).  This needn't be set in advance, you can
***************
*** 526,531 ****
--- 528,534 ----

  my $prefix="";
  my $openssldir="";
+ my $certdir="";
  my $exe_ext="";
  my $install_prefix="";
  my $no_threads=0;
***************
*** 684,689 ****
--- 687,696 ----
                                {
                                $openssldir=$1;
                                }
+                       elsif (/^--certdir=(.*)$/)
+                               {
+                               $certdir=$1;
+                               }
                        elsif (/^--install.prefix=(.*)$/)
                                {
                                $install_prefix=$1;
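Review bot: The new `--certdir=(.*)` branch accepts any string, and other hunks of this patch write the captured value verbatim into three syntaxes: the Makefile `CERTDIR=` line, the C string literal `#define CERTDIR "..."`, and the Perl double-quoted `my $dir = "..."` generated for tools/c_rehash. A value containing `"`, a backslash, `$` or `@` would yield a malformed header or a c_rehash that interpolates part of the path as Perl. The `--openssldir` branch above has the same shape, so this is inherited, but since the value names the trust-anchor and private-key location it is worth rejecting such input at parse time, e.g. `die "--certdir: unsupported character in path\n" if $certdir =~ /["\\\$\@]/;` right after the assignment. The enclosing option loop starts and ends outside the hunk.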
***************
*** 742,750 ****
--- 749,759 ----
  $exe_ext=".exe" if ($target eq "Cygwin");
  $openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
  $prefix=$openssldir if $prefix eq "";
+ $certdir=$openssldir if $certdir eq "";

  chop $openssldir if $openssldir =~ /\/$/;
  chop $prefix if $prefix =~ /\/$/;
+ chop $certdir if $certdir =~ /\/$/;

  $openssldir=$prefix . "/ssl" if $openssldir eq "";
  $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;
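Review bot: `$certdir=$openssldir if $certdir eq "";` runs before `$openssldir` is finalised. With `--prefix=DIR` and no `--openssldir`, `$openssldir` is still empty at that point, so `$certdir` stays empty and the later hunks emit `CERTDIR=` and `#define CERTDIR ""`, making the compiled-in certificate and key directories `/certs` and `/private`. Move the default below the two `$openssldir=$prefix . ...` lines that close this hunk. A relative `--certdir` is also left relative, unlike `--openssldir`, so the trust store would presumably be resolved against the working directory of whatever process loads it; adding `die "--certdir must be an absolute path\n" if $certdir !~ /^\//;` after the default closes that.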
***************
*** 954,959 ****
--- 963,969 ----
        s/^SHLIB_EXT=.*/SHLIB_EXT=$shared_extension/;
        s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
        s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
+       s/^CERTDIR=.*$/CERTDIR=$certdir/;
        s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
        s/^PLATFORM=.*$/PLATFORM=$target/;
        s/^OPTIONS=.*$/OPTIONS=$options/;
***************
*** 1074,1079 ****
--- 1084,1091 ----
        {
        if      (/^#define\s+OPENSSLDIR/)
                { print OUT "#define OPENSSLDIR \"$openssldir\"\n"; }
+       elsif   (/^#define\s+CERTDIR/)
+               { print OUT "#define CERTDIR \"$certdir\"\n"; }
        elsif   (/^#define\s+OPENSSL_UNISTD/)
                {
                $unistd = "<unistd.h>" if $unistd eq "";
***************
*** 1177,1188 ****
        # Run "make depend" manually if you want to be able to delete
        # the source code files of ciphers you left out.
        if ( $perl =~ m@^/@) {
!           &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' 
. $openssldir . '";');
            &dofile("apps/der_chop",$perl,'^#!/', '#!%s');
            &dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
        } else {
            # No path for Perl known ...
!           &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my 
\$dir;$', 'my $dir = "' . $openssldir . '";');
            &dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
            &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
        }
--- 1189,1200 ----
        # Run "make depend" manually if you want to be able to delete
        # the source code files of ciphers you left out.
        if ( $perl =~ m@^/@) {
!           &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' 
. $certdir . '";');
            &dofile("apps/der_chop",$perl,'^#!/', '#!%s');
            &dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
        } else {
            # No path for Perl known ...
!           &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my 
\$dir;$', 'my $dir = "' . $certdir . '";');
            &dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
            &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
        }
diff -c -r openssl-0.9.6d/Makefile.org openssl-0.9.6d.NEW/Makefile.org
*** openssl-0.9.6d/Makefile.org Fri May 10 01:05:53 2002
--- openssl-0.9.6d.NEW/Makefile.org     Thu Jun 27 15:20:13 2002
***************
*** 24,29 ****
--- 24,32 ----
  # Do not edit this manually. Use Configure --openssldir=DIR do change this!
  OPENSSLDIR=/usr/local/ssl

+ # Do not edit this manually. Use Configure --certdir=DIR do change this!
+ CERTDIR=/usr/local/ssl
+
  # RSAref  - Define if we are to link with RSAref.
  # NO_IDEA - Define to build without the IDEA algorithm
  # NO_RC4  - Define to build without the RC4 algorithm
***************
*** 169,175 ****
  MAKEFILE= Makefile.ssl
  MAKE=     make -f Makefile.ssl

! MANDIR=$(OPENSSLDIR)/man
  MAN1=1
  MAN3=3
  SHELL=/bin/sh
--- 172,178 ----
  MAKEFILE= Makefile.ssl
  MAKE=     make -f Makefile.ssl

! MANDIR=$(INSTALLTOP)/man
  MAN1=1
  MAN3=3
  SHELL=/bin/sh
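Review bot: `MANDIR=$(INSTALLTOP)/man` is a behaviour change unrelated to --certdir, and the description does not mention it. Builds where --prefix and --openssldir differ will start installing manual pages in a different location. Either split it into its own patch or document it next to the variable, e.g. `# Manual pages follow --prefix, not --openssldir.`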
***************
*** 624,631 ****
                $(INSTALL_PREFIX)$(INSTALLTOP)/lib \
                $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
                $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
!               $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
!               $(INSTALL_PREFIX)$(OPENSSLDIR)/private \
                $(INSTALL_PREFIX)$(OPENSSLDIR)/lib
        @for i in $(EXHEADER) ;\
        do \
--- 627,634 ----
                $(INSTALL_PREFIX)$(INSTALLTOP)/lib \
                $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
                $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
!               $(INSTALL_PREFIX)$(CERTDIR)/certs \
!               $(INSTALL_PREFIX)$(CERTDIR)/private \
                $(INSTALL_PREFIX)$(OPENSSLDIR)/lib
        @for i in $(EXHEADER) ;\
        do \
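Review bot: `$(INSTALL_PREFIX)$(CERTDIR)/private` is now meant to be a long-lived key directory shared by several installed versions, yet it is created in the same list as the library and header directories. The command that creates that list starts outside the hunk, so the resulting mode is not visible here. Worth confirming that the directory ends up accessible only to its owner and that installing a second version does not loosen the permissions of an existing key directory; if it does, an explicit `chmod 700 $(INSTALL_PREFIX)$(CERTDIR)/private` after creation would cover it.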
***************
*** 636,642 ****
        do \
        if [ -d "$$i" ]; then \
                (cd $$i; echo "installing $$i..."; \
!               $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' 
INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' 
SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' install ); \
        fi; \
        done
        @for i in $(LIBS) ;\
--- 639,645 ----
        do \
        if [ -d "$$i" ]; then \
                (cd $$i; echo "installing $$i..."; \
!               $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' 
INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' CERTDIR='${CERTDIR}' 
EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' install 
); \
        fi; \
        done
        @for i in $(LIBS) ;\
diff -c -r openssl-0.9.6d/crypto/cryptlib.h openssl-0.9.6d.NEW/crypto/cryptlib.h
*** openssl-0.9.6d/crypto/cryptlib.h    Tue May  2 14:35:04 2000
--- openssl-0.9.6d.NEW/crypto/cryptlib.h        Thu Jun 27 15:21:26 2002
***************
*** 75,84 ****
  #endif

  #ifndef VMS
! #define X509_CERT_AREA                OPENSSLDIR
! #define X509_CERT_DIR         OPENSSLDIR "/certs"
! #define X509_CERT_FILE                OPENSSLDIR "/cert.pem"
! #define X509_PRIVATE_DIR      OPENSSLDIR "/private"
  #else
  #define X509_CERT_AREA                "SSLROOT:[000000]"
  #define X509_CERT_DIR         "SSLCERTS:"
--- 75,84 ----
  #endif

  #ifndef VMS
! #define X509_CERT_AREA                CERTDIR
! #define X509_CERT_DIR         CERTDIR "/certs"
! #define X509_CERT_FILE                CERTDIR "/cert.pem"
! #define X509_PRIVATE_DIR      CERTDIR "/private"
  #else
  #define X509_CERT_AREA                "SSLROOT:[000000]"
  #define X509_CERT_DIR         "SSLCERTS:"
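Review bot: `X509_CERT_AREA` is switched to `CERTDIR` together with the three certificate paths, but the cert area is a general base path rather than a certificate directory. Any caller outside this diff that builds other paths from it (the command-line apps locating openssl.cnf, if I recall the 0.9.6 sources correctly) would start looking under CERTDIR while the install still places those files under OPENSSLDIR. Please check the users of `X509_get_default_cert_area()` and, where they are not certificate-related, keep `#define X509_CERT_AREA OPENSSLDIR`. The VMS branch is unchanged, so --certdir has no effect there; a short comment above the `#else` saying so would help.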
diff -c -r openssl-0.9.6d/crypto/opensslconf.h.in 
openssl-0.9.6d.NEW/crypto/opensslconf.h.in
*** openssl-0.9.6d/crypto/opensslconf.h.in      Fri Feb 18 10:06:55 2000
--- openssl-0.9.6d.NEW/crypto/opensslconf.h.in  Thu Jun 27 15:22:29 2002
***************
*** 7,12 ****
--- 7,15 ----
  #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
  #define OPENSSLDIR "/usr/local/ssl"
  #endif
+ #if defined(HEADER_CRYPTLIB_H) && !defined(CERTDIR)
+ #define CERTDIR "/usr/local/ssl"
+ #endif
  #endif

  #define OPENSSL_UNISTD <unistd.h>
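Review bot: The fallback `#define CERTDIR "/usr/local/ssl"` does not follow OPENSSLDIR. If a build supplies OPENSSLDIR but not CERTDIR, certificates and keys are looked up under /usr/local/ssl, which contradicts the default documented in Configure ("the OPENSSLDIR directory"). `#define CERTDIR OPENSSLDIR` keeps the two in step and is still matched by Configure's `^#define\s+CERTDIR` rewrite.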

