This uses uci to configure engines, by generating a list of enabled engines in /var/etc/ssl/engines.cnf from engines configured in /etc/config/openssl: config engine 'devcrypto' option enabled '1' Currently the only options implemented are 'enabled', which defaults to true and enables the named engine, and the 'force' option, that enables the engine even if the init script thinks the engine does not exist. The existence test is to check for either a configuration file /etc/ssl/engines.cnf.d/%ENGINE%.cnf, or a shared object file /usr/lib/engines-1.1/%ENGINE%.so. The engine list is generated by an init script which is set to run after 'log' because it informs the engines being enabled or skipped. It should run before any service using OpenSSL as the crypto library, otherwise the service will not use any engine. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
1 parent
30b0351
commit 0134f84
Showing
5 changed files
with
54 additions
and
62 deletions.
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
#!/bin/sh /etc/rc.common | ||
|
||
START=13 | ||
ENGINES_CNF_D="/etc/ssl/engines.cnf.d" | ||
ENGINES_CNF="/var/etc/ssl/engines.cnf" | ||
ENGINES_DIR="%ENGINES_DIR%" | ||
|
||
config_engine() { | ||
local enabled force | ||
config_get_bool enabled "$1" enabled 1 | ||
config_get_bool force "$1" force 0 | ||
[ "$enabled" = 0 ] && return | ||
if [ "$force" = 0 ] && \ | ||
[ ! -f "${ENGINES_CNF_D}/$1.cnf" ] && \ | ||
[ ! -f "${ENGINES_DIR}/$1.so" ]; then | ||
echo Skipping engine "$1": not installed | ||
return | ||
fi | ||
echo Enabling engine "$1" | ||
echo "$1=$1" >> "${ENGINES_CNF}" | ||
} | ||
|
||
start() { | ||
mkdir -p "$(dirname "${ENGINES_CNF}")" || exit 1 | ||
echo Generating engines.cnf | ||
echo "# This file is automatically generated from /etc/config/openssl." \ | ||
> "${ENGINES_CNF}" || \ | ||
{ echo Error writing ${ENGINES_CNF} >&2; exit 1; } | ||
config_load openssl | ||
config_foreach config_engine engine | ||
} |
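Review bot: The engine list is built in place: `start()` truncates `${ENGINES_CNF}` and `config_engine()` then appends to it with an unchecked `>>`. A failed or interrupted run, or a service that reads the file mid-generation, therefore sees a header-only or partial list and will presumably run without the intended engine, even though the log already printed "Enabling engine". Writing to a temporary file in the same directory and renaming it over `${ENGINES_CNF}` after `config_foreach` returns closes that window. Printing the "Enabling" message only after a checked append keeps the log consistent with what was actually written. The error message in `start()` also expands `${ENGINES_CNF}` unquoted; the sketch below quotes it.

```shell
config_engine() {
	# … unchanged: option lookup and existence test …
	echo "$1=$1" >> "${ENGINES_CNF}.new" || {
		echo "Error writing ${ENGINES_CNF}.new" >&2
		return 1
	}
	echo Enabling engine "$1"
}

start() {
	# … unchanged: mkdir and "Generating engines.cnf" message …
	echo "# This file is automatically generated from /etc/config/openssl." \
		> "${ENGINES_CNF}.new" || \
		{ echo "Error writing ${ENGINES_CNF}.new" >&2; exit 1; }
	config_load openssl
	config_foreach config_engine engine
	# rename within the same directory so readers never see a partial list
	mv "${ENGINES_CNF}.new" "${ENGINES_CNF}" || exit 1
}
```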