
openssl: add support for config snippet includes

Message ID 20260213174730.1197940-1-jlu@pengutronix.de
State New
Series openssl: add support for config snippet includes | expand

Commit Message

Jan Luebbe Feb. 13, 2026, 5:47 p.m. UTC
This allows configuration (such as enabling providers) to be done by
adding snippet files to /usr/lib/ssl-3/openssl.cnf.d or
/etc/ssl/openssl.cnf.d instead of modifying a copy of the full
configuration file. As new snippets can be added from separate recipes,
targeted changes can be done in multiple layers.

For example, the pkcs11-provider can be enabled by adding a pkcs11.cnf
containing something like:
  [default_sect]
  activate = 1

  [provider_sect]
  pkcs11 = pkcs11_sect

  [pkcs11_sect]
  pkcs11-module-path = /usr/lib/libckteec.so.0
  pkcs11-module-quirks = no-operation-state no-deinit
  pkcs11-module-encode-provider-uri-to-pem = true
  activate = 1

Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
---
 meta/recipes-connectivity/openssl/openssl_3.5.5.bb | 10 ++++++++++
 1 file changed, 10 insertions(+)

Patch

diff --git a/meta/recipes-connectivity/openssl/openssl_3.5.5.bb b/meta/recipes-connectivity/openssl/openssl_3.5.5.bb
index c0d02b617ba5..7375867dd1df 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.5.5.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.5.5.bb
@@ -186,6 +186,16 @@  do_install () {
 	fi
 }
 
+do_install:append:class-target () {
+        # Add support for config snippet includes
+        echo "" >> ${D}${sysconfdir}/ssl/openssl.cnf
+        echo ".include ${libdir}/ssl-3/openssl.cnf.d" >> ${D}${sysconfdir}/ssl/openssl.cnf
+        echo ".include ${sysconfdir}/ssl/openssl.cnf.d" >> ${D}${sysconfdir}/ssl/openssl.cnf
+
+        install -d ${D}${libdir}/ssl-3/openssl.cnf.d
+        install -d ${D}${sysconfdir}/ssl/openssl.cnf.d
+}
+
 do_install:append:class-native () {
 	create_wrapper ${D}${bindir}/openssl \
 	    OPENSSL_CONF=\${OPENSSL_CONF:-${libdir}/ssl-3/openssl.cnf} \
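Review bot: The two `install -d` calls at the end of do_install:append:class-target create the snippet directories without an explicit mode, although every `.cnf`/`.conf` file placed in them will be parsed by each process that loads the default openssl.cnf, and the commit message's pkcs11 example shows that a snippet can name a module path to load. I would pin the permissions with `install -d -m 0755 ${D}${libdir}/ssl-3/openssl.cnf.d` and the same for the `${sysconfdir}` directory, and extend the comment to record the trust assumption, e.g. `# Snippets can activate providers; both directories must stay root-owned and not group/world-writable`. Separately, the added lines are indented with spaces while the surrounding shell functions in this hunk use tabs. Whether the new empty directories are matched by an existing FILES entry is not visible here and is worth confirming.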