Hi,

I was packaging LibreSSL for a GNU/Linux distro (ROSA) and had to patch it slightly to adapt it to the usage scenario I need.

I wanted LibreSSL to:
- coexist with OpenSSL
- be installed into /opt
- do not conflict with OpenSSL devel packages
- use /etc/ssl (/etc/pki/tls in ROSA) from OpenSSL

For this purpose, it is required to be able to separate configs of OpenSSL and LibreSSL.

Example:
export CFLAGS="$CFLAGS -DX509_CONF_FILE='\"/etc/ssl/libressl.cnf\"'"

Proof that this patch works:

[root@rosa-2019 ~]# strace -f libressl -h 2>&1 | grep -E 'openssl.cnf|libressl.cnf'
openat(AT_FDCWD, "/etc/pki/tls/libressl.cnf", O_RDONLY) = 3
[root@rosa-2019 ~]#

Full build spec is here: https://abf.io/import/libressl

The patch is attached; the diff is also pasted below.
-------------------------------------------------------------------------

diff --git a/src/lib/libcrypto/conf/conf_mod.c b/src/lib/libcrypto/conf/conf_mod.c
index 9f252385e..f5271c89d 100644
--- a/src/lib/libcrypto/conf/conf_mod.c
+++ b/src/lib/libcrypto/conf/conf_mod.c
@@ -545,8 +545,12 @@ CONF_get1_default_config_file(void)
 {
     char *file = NULL;

+#ifndef X509_CONF_FILE
     if (asprintf(&file, "%s/openssl.cnf",
         X509_get_default_cert_area()) == -1)
+#else
+    if (asprintf(&file, X509_CONF_FILE) == -1)
+#endif
         return (NULL);
     return file;
 }
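Review bot: In the `#else` branch, `X509_CONF_FILE` is passed to asprintf() as the format string, so any `%` in the build-time path would be parsed as a conversion specification with no matching argument. Pass the macro as data instead, `if (asprintf(&file, "%s", X509_CONF_FILE) == -1)`. The same line is added to make_config_name() in src/usr.bin/openssl/apps.c and appears again in both hunks of the attached copy of the patch. It would also help to add a comment such as `/* X509_CONF_FILE must be an absolute path; a relative value is resolved against the caller's working directory */`, since the default branch always anchors the file under X509_get_default_cert_area() and the override drops that guarantee.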
diff --git a/src/usr.bin/openssl/apps.c b/src/usr.bin/openssl/apps.c
index c9a2f34b2..313d6ecee 100644
--- a/src/usr.bin/openssl/apps.c
+++ b/src/usr.bin/openssl/apps.c
@@ -1213,7 +1213,11 @@ make_config_name()
     const char *t = X509_get_default_cert_area();
     char *p;

+#ifndef X509_CONF_FILE
     if (asprintf(&p, "%s/openssl.cnf", t) == -1)
+#else
+    if (asprintf(&p, X509_CONF_FILE) == -1)
+#endif
         return NULL;
     return p;
 }
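Review bot: When `X509_CONF_FILE` is defined, `t` is still initialised from X509_get_default_cert_area() at the top of the hunk but is never read, which leaves a dead call and should trigger an unused-variable warning in builds with -Wall. Guard the declaration with the same condition (`#ifndef X509_CONF_FILE` / `const char *t = X509_get_default_cert_area();` / `#endif`) so both configurations compile cleanly. The opening of make_config_name() is outside the hunk, so this assumes `t` has no other use in the function. The attached copy of the patch carries the identical hunk.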

>From 4074611c49806fa5e8937a5aa24d9084235a89a5 Mon Sep 17 00:00:00 2001
From: Mikhail Novosyolov <m.novosyo...@rosalinux.ru>
Date: Fri, 29 Nov 2019 21:24:49 +0300
Subject: [PATCH] Allow custom config location

I want LibreSSL to:
- coexist with OpenSSL
- be installed into /opt
- do not conflict with OpenSSL devel packages
- use /etc/ssl (/etc/pki/tls in ROSA) from OpenSSL

For this purpose, it is required to be able to separate configs of OpenSSL and LibreSSL.

Example:
export CFLAGS="$CFLAGS -DX509_CONF_FILE='\"/etc/ssl/libressl.cnf\"'"
---
 src/lib/libcrypto/conf/conf_mod.c | 4 ++++
 src/usr.bin/openssl/apps.c        | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/src/lib/libcrypto/conf/conf_mod.c b/src/lib/libcrypto/conf/conf_mod.c
index 9f252385e..f5271c89d 100644
--- a/src/lib/libcrypto/conf/conf_mod.c
+++ b/src/lib/libcrypto/conf/conf_mod.c
@@ -545,8 +545,12 @@ CONF_get1_default_config_file(void)
 {
 	char *file = NULL;
 
+#ifndef X509_CONF_FILE
 	if (asprintf(&file, "%s/openssl.cnf",
 	    X509_get_default_cert_area()) == -1)
+#else
+	if (asprintf(&file, X509_CONF_FILE) == -1)
+#endif
 		return (NULL);
 	return file;
 }
diff --git a/src/usr.bin/openssl/apps.c b/src/usr.bin/openssl/apps.c
index c9a2f34b2..313d6ecee 100644
--- a/src/usr.bin/openssl/apps.c
+++ b/src/usr.bin/openssl/apps.c
@@ -1213,7 +1213,11 @@ make_config_name()
 	const char *t = X509_get_default_cert_area();
 	char *p;
 
+#ifndef X509_CONF_FILE
 	if (asprintf(&p, "%s/openssl.cnf", t) == -1)
+#else
+	if (asprintf(&p, X509_CONF_FILE) == -1)
+#endif
 		return NULL;
 	return p;
 }
-- 
2.20.1
