openwrt/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch

42 lines
1.1 KiB
Diff
Raw Normal View History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz <cotequeiroz@gmail.com>
Date: Sat, 27 Mar 2021 17:43:25 -0300
Subject: openssl.cnf: add engine configuration
This adds configuration options for engines, loading all cnf files under
/etc/ssl/engines.cnf.d/.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -52,10 +52,13 @@ tsa_policy3 = 1.2.3.4.5.7
[openssl_init]
providers = provider_sect
+engines = engines_sect
# List of providers to load
[provider_sect]
default = default_sect
+.include /var/etc/ssl/providers.cnf
+
# The fips section name should match the section name inside the
# included fipsmodule.cnf.
# fips = fips_sect
@@ -69,7 +72,13 @@ default = default_sect
# OpenSSL may not work correctly which could lead to significant system
# problems including inability to remotely access the system.
[default_sect]
-# activate = 1
+activate = 1
+
+[engines_sect]
+.include /var/etc/ssl/engines.cnf
+
+.include /etc/ssl/modules.cnf.d
+
####################################################################