#!/bin/sh /etc/rc.common
# Regenerates the OpenSSL engine and provider lists (engines.cnf and
# providers.cnf) from the "openssl" UCI configuration.

# NOTE(review): presumably the start priority read by rc.common - confirm.
START=13

# Engines: generated list file and the directory holding the engine .so files.
# NOTE(review): %ENGINES_DIR% looks like a placeholder substituted at build
# time; confirm that the installed script carries a real path here.
ENGINES_CNF="/var/etc/ssl/engines.cnf"
ENGINES_DIR="%ENGINES_DIR%"

# Providers: generated list file and the directory holding the provider .so files.
PROVIDERS_CNF="/var/etc/ssl/providers.cnf"
MODULES_DIR="/usr/lib/ossl-modules"
| |
# Create the parent directory of a generated cnf file, then (re)write the file
# so that it holds only the "automatically generated" banner line.
# $1: cnf file
# Returns 0 on success; on failure prints "Error writing to $1." and returns 1.
#
# NOTE(review): '>' truncates whatever already exists at $1 and the directory
# is created with the caller's umask. Presumably only root can write to the
# target directory - confirm its ownership and mode, since the file written
# here decides which modules get listed.
write_cnf_header() {
	if mkdir -p "$(dirname "$1")" &&
		echo "# This file is automatically generated from /etc/config/openssl." >"$1"; then
		return 0
	fi

	# Either the directory or the file could not be created.
	echo "Error writing to $1."
	return 1
}
| |
| |
# Decide whether one engine/provider section of the loaded UCI config gets
# listed in a generated cnf file and, if so, append "<name>=<name>_sect" to it.
# $1: module name
# $2: output cnf file
# $3: module.so
# Options read per section: builtin (default 0), enabled (default 1),
# force (default 0).
# Returns 1 when the module is skipped, otherwise the status of the append.
#
# NOTE(review): force=1 bypasses both the [<name>_sect] lookup and the check
# that $3 exists, so a forced entry is written without either validation.
# NOTE(review): $1 goes unescaped into the grep pattern; presumably UCI
# section names cannot contain regex metacharacters - confirm.
enable_module() {
	local builtin enabled force

	config_get_bool builtin "$1" builtin 0
	config_get_bool enabled "$1" enabled 1
	config_get_bool force "$1" force 0

	if [ "$enabled" = 0 ]; then
		# A disabled module is dropped unless it is flagged as built in;
		# a built-in one is still listed, after telling the user why.
		if [ "$builtin" = 0 ]; then
			return 1
		fi
		echo "Engine $1 is built into the libcrypto library and can't be disabled through UCI."
		echo "If the engine was not built-in, remove 'config builtin' from /etc/config/openssl."
	elif [ "$force" = 1 ]; then
		printf "[Forced] "
	else
		# A [<name>_sect] header must appear in some file under modules.cnf.d.
		if ! grep -q "\\[ *$1_sect *]" /etc/ssl/modules.cnf.d/*; then
			echo "$1: Could not find section [$1] in config files."
			return 1
		fi

		# Only modules not flagged builtin are checked for their shared object.
		if [ "$builtin" = 1 ]; then
			printf "[Builtin] "
		elif [ ! -f "$3" ]; then
			echo "Skipping $1: $3 not found."
			return 1
		fi
	fi

	echo "Enabling $1"
	echo "$1=$1_sect" >>"$2"
}
| |
# Callback for one "engine" section: hands the section name to enable_module
# together with the engines list file and the expected shared object path.
# $1: engine name
# Returns whatever enable_module returns.
config_engine() {
	enable_module "$1" "${ENGINES_CNF}" "${ENGINES_DIR}/$1.so"
}
| |
# Callback for one "provider" section: hands the section name to enable_module
# together with the providers list file and the expected shared object path.
# $1: provider name
# Returns whatever enable_module returns.
config_provider() {
	enable_module "$1" "${PROVIDERS_CNF}" "${MODULES_DIR}/$1.so"
}
| |
# Regenerate both list files from the "openssl" configuration: first the
# engines list, then the providers list. Each file gets a fresh header before
# its sections are walked; the walk is skipped when the header cannot be
# written.
# Returns 0 when both steps succeed, otherwise the status of the step that
# failed last.
# NOTE(review): the status taken from config_foreach depends on how that
# helper propagates the callback's result, which is not visible here - confirm
# that a skipped module does not turn into a failed start.
start() {
	local ret=0

	config_load openssl

	echo Generating engines.cnf
	if write_cnf_header "${ENGINES_CNF}"; then
		config_foreach config_engine engine || ret=$?
	else
		ret=$?
	fi

	echo Generating providers.cnf
	if write_cnf_header "${PROVIDERS_CNF}"; then
		config_foreach config_provider provider || ret=$?
	else
		ret=$?
	fi

	return $ret
}