Hello Daniel,
Hello Eneas,

On 2021-04-23 01:36, Eneas U de Queiroz wrote:
On Thu, Apr 22, 2021 at 3:55 AM Daniel Danzberger <dan...@dd-wrt.com> wrote:

Automatically enable an engine in the openssl.cnf if it has been built.
Before this change, /etc/openssl.cnf had to be edited manually on the
system to enable the engine.


+define Package/libopenssl-conf/enable
+ $(if $(CONFIG_PACKAGE_libopenssl-$(2)),sed -i s/^\#*$(2)=$(2)/$(2)=$(2)/ $(1)/etc/ssl/openssl.cnf)
+endef
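Review bot: In `Package/libopenssl-conf/enable`, the test `$(if $(CONFIG_PACKAGE_libopenssl-$(2)),...)` is true for any non-empty value, so an engine selected as a module (=m) gets its line uncommented in the image's openssl.cnf exactly like one built in (=y), even though that engine package may not be installed on the device. If only built-in engines should be enabled, test with `$(filter y,$(CONFIG_PACKAGE_libopenssl-$(2)))` instead. The sed expression is also unquoted and sed exits 0 when nothing matches, so a change in the layout of openssl.cnf would leave the engine disabled with no build error; quoting the expression and following it with a grep for `$(2)=$(2)` would catch that.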

 define Package/libopenssl-conf/install
        $(INSTALL_DIR) $(1)/etc/ssl
        $(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/
+       $(call Package/libopenssl-conf/enable,$(1),devcrypto)
+       $(call Package/libopenssl-conf/enable,$(1),afalg)
+       $(call Package/libopenssl-conf/enable,$(1),padlock)
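Review bot: The three `$(call Package/libopenssl-conf/enable,...)` lines in `Package/libopenssl-conf/install` make the contents of libopenssl-conf depend on CONFIG_PACKAGE_libopenssl-devcrypto, -afalg and -padlock. Nothing in this hunk shows those symbols being added to PKG_CONFIG_DEPENDS; if they are not listed there, toggling an engine will not rebuild the package and the shipped openssl.cnf will not match the selected engines. A short comment above the calls stating that they edit the staged copy under $(1), not the file in $(PKG_INSTALL_DIR), would also help, and a `$(foreach ...)` over the engine names would avoid repeating the call for each engine.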


I do like the idea, though. My first thought was to add an install
script to the engine packages.  The problem is that the config file
may have been changed in a way that sed may produce unwanted results.

How about if we create a uci default script and check on the running system what is installed? And then we could generate a file and add or remove an include line from the openssl.cnf [1]?

Another option, which may be the easiest and safest, is to use your
approach, but only uncomment the engines built into the firmware (=y),
and not the ones built as modules.

I think this is not an option, because not all want to have all engines installed.

That is my opinion.
Thanks, Florian

[1] https://github.com/openssl/openssl/blob/master/apps/openssl.cnf#L10
