forked from wolfSSL/wolfProvider
libwolfprov.postinst
#!/bin/sh
set -e

# Check if we are in replace-default mode by reading the openssl version
REPLACE_DEFAULT=0
if command -v openssl >/dev/null 2>&1; then
    OPENSSL_VERSION=$(openssl version)
    if echo "$OPENSSL_VERSION" | grep -q "replace-default"; then
        REPLACE_DEFAULT=1
    fi
fi

if [ "$1" = "configure" ]; then
    if [ "$REPLACE_DEFAULT" -eq 1 ]; then
        cat <<'EOF'
============================================================
wolfProvider Installation Notes
============================================================

wolfProvider is installed in replace-default mode with a
patched version of OpenSSL that uses wolfProvider as the
crypto backend. wolfProvider will appear as the 'default'
provider.

No other conf file modifications or environment variables
are required.

To verify installation, run:
    openssl version
    openssl list -providers

wolfProvider configuration file installed at:
    /etc/ssl/openssl.cnf.d/wolfprovider.conf

============================================================
EOF
    else
        cat <<'EOF'
============================================================
wolfProvider Installation Notes
============================================================

To use wolfProvider with OpenSSL, choose ONE of the options
below depending on your use case.

1) System-wide enable:

   Add the following line to your /etc/ssl/openssl.cnf:

       .include /etc/ssl/openssl.cnf.d/wolfprovider.conf

   This makes wolfProvider available to applications that
   execute with the standard system OpenSSL configuration.
   Note that many applications, such as anything executing
   from systemd, will ignore the global configuration
   entirely and will not use wolfProvider.

2) Per-command enable (no system-wide changes)

   Set OPENSSL_CONF environment variable when running applications:

       OPENSSL_CONF=/etc/ssl/openssl.cnf.d/wolfprovider.conf <your-application>

   Most applications with standard environment variable handling will
   be able to use this method, not just the openssl binary. For example:

       OPENSSL_CONF=/etc/ssl/openssl.cnf.d/wolfprovider.conf openssl <command>

   This enables use of wolfProvider whenever the environment variable
   is set for the current shell.

3) Application-level integration (for developers)

   In your application, you can create a dedicated OpenSSL
   library context and explicitly load wolfProvider, e.g.:

       OSSL_LIB_CTX *wpLibCtx = OSSL_LIB_CTX_new();
       OSSL_PROVIDER *wpProv = OSSL_PROVIDER_load(wpLibCtx, "wolfprovider");

       /* Use wpLibCtx with EVP, etc. */
       EVP_function(wpLibCtx, ...);

       OSSL_PROVIDER_unload(wpProv);
       OSSL_LIB_CTX_free(wpLibCtx);

   This keeps wolfProvider usage scoped to specific code paths
   without requiring any system-wide configuration changes.

To verify installation and configuration, run:
    openssl version
    openssl list -providers

wolfProvider configuration file installed at:
    /etc/ssl/openssl.cnf.d/wolfprovider.conf

============================================================
EOF
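    fi
fi

# Search for the openssl.cnf file in /usr, /lib and /etc.
# find exits non-zero if any start directory is missing or unreadable;
# "|| true" keeps that from aborting the script under "set -e".
CONF_FILES=$(find /usr /lib /etc -name openssl.cnf 2>/dev/null || true)

# Warn user on install or removal if our config file is already included.
for CONF_FILE in $CONF_FILES; do
    # -F matches ".include" literally rather than as a regex.
    if grep -F '.include' "$CONF_FILE" | grep -q "wolfprovider.conf"; then
        echo "WARNING: wolfprovider.conf is already included in $CONF_FILE"
    fi
done

#DEBHELPER#

exit 0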
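
The warning loop at the end of the script matches any line that contains `.include` and `wolfprovider.conf`, including commented-out ones, so it cannot tell whether option 1 is actually in effect. The following is an added example, not part of the project's script: it separates active, commented-out and absent `.include` lines. The function names `classify_conf`, `scan_confs` and `demo` and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of libwolfprov.postinst).

# classify_conf FILE: print "active", "commented" or "absent" according to how
# FILE refers to wolfprovider.conf through an OpenSSL .include directive.
classify_conf() {
    # OpenSSL accepts both ".include path" and ".include = path".
    directive='\.include([[:space:]]+|[[:space:]]*=[[:space:]]*)(.*/)?wolfprovider\.conf[[:space:]]*$'
    # Strip "#" comments first so a disabled line is not reported as active.
    if sed 's/#.*//' "$1" | grep -Eq "^[[:space:]]*$directive"; then
        echo active
    elif grep -Eq "^[[:space:]]*#+[[:space:]]*$directive" "$1"; then
        echo commented
    else
        echo absent
    fi
}

# scan_confs DIR...: print one "STATE PATH" line per openssl.cnf found.
scan_confs() {
    # Reading find's output line by line keeps paths with spaces intact.
    find "$@" -name openssl.cnf 2>/dev/null |
    while IFS= read -r conf; do
        printf '%s %s\n' "$(classify_conf "$conf")" "$conf"
    done
}

# demo: run the scan over a constructed tree (sample files, not real configs).
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/etc/ssl" "$tmp/usr/lib/ssl" "$tmp/opt/my app"
    printf '%s\n' 'openssl_conf = openssl_init' \
        '.include /etc/ssl/openssl.cnf.d/wolfprovider.conf' \
        > "$tmp/etc/ssl/openssl.cnf"
    printf '%s\n' '# .include /etc/ssl/openssl.cnf.d/wolfprovider.conf' \
        > "$tmp/usr/lib/ssl/openssl.cnf"
    printf '%s\n' '[openssl_init]' 'providers = provider_sect' \
        > "$tmp/opt/my app/openssl.cnf"
    scan_confs "$tmp" | sed "s|$tmp||" | sort
    rm -rf "$tmp"
}

demo
```

On a real system, `scan_confs /usr /lib /etc` covers the same directories the script searches.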