1
0

openssl.init 1.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172
  1. #!/bin/sh /etc/rc.common
  2. START=13
  3. ENGINES_CNF=/var/etc/ssl/engines.cnf
  4. ENGINES_DIR=%ENGINES_DIR%
  5. MODULES_DIR=/usr/lib/ossl-modules
  6. PROVIDERS_CNF=/var/etc/ssl/providers.cnf
  7. #1: cnf file
  8. write_cnf_header() {
  9. mkdir -p "$(dirname "$1")" && \
  10. echo "# This file is automatically generated from /etc/config/openssl." >"$1" || {
  11. echo "Error writing to $1."
  12. return 1
  13. }
  14. }
  15. #1: module name
  16. #2: output cnf file
  17. #3: module.so
  18. enable_module() {
  19. local builtin enabled force
  20. config_get_bool builtin "$1" builtin 0
  21. config_get_bool enabled "$1" enabled 1
  22. config_get_bool force "$1" force 0
  23. if [ "$enabled" = 0 ]; then
  24. [ "$builtin" = 0 ] && return 1
  25. echo "Engine $1 is built into the libcrypto library and can't be disabled through UCI."
  26. echo "If the engine was not built-in, remove 'config builtin' from /etc/config/openssl."
  27. elif [ "$force" = 1 ]; then
  28. printf "[Forced] "
  29. elif ! grep -q "\\[ *$1_sect *]" /etc/ssl/modules.cnf.d/*; then
  30. echo "$1: Could not find section [$1] in config files."
  31. return 1
  32. elif [ "$builtin" = 1 ]; then
  33. printf "[Builtin] "
  34. elif [ ! -f "$3" ];then
  35. echo "Skipping $1: $3 not found."
  36. return 1
  37. fi
  38. echo "Enabling $1"
  39. echo "$1=$1_sect" >>"$2"
  40. }
  41. config_engine() {
  42. enable_module "$1" "$ENGINES_CNF" \
  43. "${ENGINES_DIR}/${1}.so"
  44. }
  45. config_provider() {
  46. enable_module "$1" "$PROVIDERS_CNF" \
  47. "${MODULES_DIR}/${1}.so"
  48. }
  49. start() {
  50. local ret=0
  51. config_load openssl
  52. echo Generating engines.cnf
  53. write_cnf_header "${ENGINES_CNF}" && \
  54. config_foreach config_engine engine || ret=$?
  55. echo Generating providers.cnf
  56. write_cnf_header "${PROVIDERS_CNF}" && \
  57. config_foreach config_provider provider || ret=$?
  58. return $ret
  59. }