| Message ID | 20260216150201.2100724-1-jlu@pengutronix.de |
|---|---|
| State | Under Review |
| Headers | show |
| Series | [v2] openssl: add support for config snippet includes | expand |
diff --git a/meta/recipes-connectivity/openssl/openssl_3.5.5.bb b/meta/recipes-connectivity/openssl/openssl_3.5.5.bb index c0d02b617ba5..94fda03ea206 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.5.5.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.5.5.bb @@ -186,6 +186,13 @@ do_install () { fi } +do_install:append:class-target () { + # Add support for config snippet includes + echo "" >> ${D}${sysconfdir}/ssl/openssl.cnf + echo ".include ${sysconfdir}/ssl/openssl.cnf.d" >> ${D}${sysconfdir}/ssl/openssl.cnf + install -d ${D}${sysconfdir}/ssl/openssl.cnf.d +} + do_install:append:class-native () { create_wrapper ${D}${bindir}/openssl \ OPENSSL_CONF=\${OPENSSL_CONF:-${libdir}/ssl-3/openssl.cnf} \
This allows configuration (such as enabling providers) to be done by adding snippet files to /etc/ssl/openssl.cnf.d instead of modifying a copy of the full configuration file. As new snippets can be added from separate recipes, targeted changes can be done in multiple layers. For example, the pkcs11-provider can be enabled by adding a pkcs11.cnf containing something like: [default_sect] activate = 1 [provider_sect] pkcs11 = pkcs11_sect [pkcs11_sect] pkcs11-module-path = /usr/lib/libckteec.so.0 pkcs11-module-quirks = no-operation-state no-deinit pkcs11-module-encode-provider-uri-to-pem = true activate = 1 Signed-off-by: Jan Luebbe <jlu@pengutronix.de> --- meta/recipes-connectivity/openssl/openssl_3.5.5.bb | 7 +++++++ 1 file changed, 7 insertions(+)