aboutsummaryrefslogtreecommitdiff
path: root/mod
diff options
context:
space:
mode:
Diffstat (limited to 'mod')
-rw-r--r--mod/build-config.cxx3
-rw-r--r--mod/mod-build-result.cxx4
-rw-r--r--mod/mod-build-task.cxx4
-rw-r--r--mod/options.cli15
4 files changed, 23 insertions, 3 deletions
diff --git a/mod/build-config.cxx b/mod/build-config.cxx
index 9e30b64..6b59e54 100644
--- a/mod/build-config.cxx
+++ b/mod/build-config.cxx
@@ -71,7 +71,8 @@ namespace brep
p = d / de.path ();
openssl os (p, path ("-"), 2,
- o.openssl (), "pkey",
+ process_env (o.openssl (), o.openssl_envvar ()),
+ "pkey",
o.openssl_option (), "-pubin", "-outform", "DER");
vector<char> k (os.in.read_binary ());
diff --git a/mod/mod-build-result.cxx b/mod/mod-build-result.cxx
index 41bfb2b..21e1de6 100644
--- a/mod/mod-build-result.cxx
+++ b/mod/mod-build-result.cxx
@@ -293,7 +293,9 @@ handle (request& rq, response&)
{
openssl os (print_args,
path ("-"), fdstream_mode::text, 2,
- options_->openssl (), "rsautl",
+ process_env (options_->openssl (),
+ options_->openssl_envvar ()),
+ "rsautl",
options_->openssl_option (),
"-verify", "-pubin", "-inkey", i->second);
diff --git a/mod/mod-build-task.cxx b/mod/mod-build-task.cxx
index c018b65..dc9910f 100644
--- a/mod/mod-build-task.cxx
+++ b/mod/mod-build-task.cxx
@@ -271,7 +271,9 @@ handle (request& rq, response& rs)
openssl os (print_args,
nullfd, path ("-"), 2,
- options_->openssl (), "rand",
+ process_env (options_->openssl (),
+ options_->openssl_envvar ()),
+ "rand",
options_->openssl_option (), 64);
vector<char> nonce (os.in.read_binary ());
diff --git a/mod/options.cli b/mod/options.cli
index e6beb6e..7460ef7 100644
--- a/mod/options.cli
+++ b/mod/options.cli
@@ -71,6 +71,21 @@ namespace brep
\cb{openssl} for details). Repeat this option to specify multiple
openssl options."
}
+
+ strings openssl-envvar
+ {
+ "<name>[=value]",
+ "Environment variable to be set (<name>=<value>) or unset (just
+ <name>) for the openssl program (see \cb{openssl} for details).
+ Repeat this option to specify multiple openssl variables. Note
+ that unspecified variables are inherited from the web server
+ process.
+
+ You need to at least set the \cb{RANDFILE} environment variable
+ to change the default location of the openssl program seed file
+ and maybe also the \cb{OPENSSL_CONF} variable if you would like
+ to use a custom openssl configuration file."
+ }
};
class package_db