package/libs/openssl/files/openssl.init

#!/bin/sh /etc/rc.common

START=13
ENGINES_CNF=/var/etc/ssl/engines.cnf
ENGINES_DIR=%ENGINES_DIR%
MODULES_DIR=/usr/lib/ossl-modules
PROVIDERS_CNF=/var/etc/ssl/providers.cnf

#1: cnf file
write_cnf_header() {
	mkdir -p "$(dirname "$1")" && \
	echo "# This file is automatically generated from /etc/config/openssl." >"$1" || {
		echo "Error writing to $1."
		return 1
	}
}


#1: module name
#2: output cnf file
#3: module.so
enable_module() {
	local builtin enabled force

	config_get_bool builtin "$1" builtin 0
	config_get_bool enabled "$1" enabled 1
	config_get_bool force "$1" force 0

	if [ "$enabled" = 0 ]; then
		[ "$builtin" = 0 ] && return 1
		echo "Engine $1 is built into the libcrypto library and can't be disabled through UCI."
		echo "If the engine was not built-in, remove 'config builtin' from /etc/config/openssl."
	elif [ "$force" = 1 ]; then
		printf "[Forced] "
	elif ! grep -q "\\[ *$1_sect *]" /etc/ssl/modules.cnf.d/*; then
		echo "$1: Could not find section [$1] in config files."
		return 1
	elif [ "$builtin" = 1 ]; then
		printf "[Builtin] "
	elif [ ! -f "$3" ];then
		echo "Skipping $1: $3 not found."
		return 1
	fi
	echo "Enabling $1"
	echo "$1=$1_sect" >>"$2"
}

config_engine() {
	enable_module "$1" "$ENGINES_CNF" \
		      "${ENGINES_DIR}/${1}.so"
}

config_provider() {
	enable_module "$1" "$PROVIDERS_CNF" \
		      "${MODULES_DIR}/${1}.so"
}

start() {
	local ret=0

        config_load openssl

	echo Generating engines.cnf
	write_cnf_header "${ENGINES_CNF}" && \
	config_foreach config_engine engine || ret=$?

	echo Generating providers.cnf
	write_cnf_header "${PROVIDERS_CNF}" && \
	config_foreach config_provider provider || ret=$?

	return $ret
}