package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch

   1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
   2 From: Eneas U de Queiroz <cotequeiroz@gmail.com>
   3 Date: Sat, 27 Mar 2021 17:43:25 -0300
   4 Subject: openssl.cnf: add engine configuration
   5
   6 This adds configuration options for engines, loading all cnf files under
   7 /etc/ssl/engines.cnf.d/.
   8
   9 Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
  10
  11 --- a/apps/openssl.cnf
  12 +++ b/apps/openssl.cnf
  13 @@ -52,10 +52,13 @@ tsa_policy3 = 1.2.3.4.5.7
  14
  15  [openssl_init]
  16  providers = provider_sect
  17 +engines = engines_sect
  18
  19  # List of providers to load
  20  [provider_sect]
  21  default = default_sect
  22 +.include /var/etc/ssl/providers.cnf
  23 +
  24  # The fips section name should match the section name inside the
  25  # included fipsmodule.cnf.
  26  # fips = fips_sect
  27 @@ -69,7 +72,13 @@ default = default_sect
  28  # OpenSSL may not work correctly which could lead to significant system
  29  # problems including inability to remotely access the system.
  30  [default_sect]
  31 -# activate = 1
  32 +activate = 1
  33 +
  34 +[engines_sect]
  35 +.include /var/etc/ssl/engines.cnf
  36 +
  37 +.include /etc/ssl/modules.cnf.d
  38 +
  39
  40
  41  ####################################################################