From 7e60138c3231203a7f61130982560b7db6ec892c Mon Sep 17 00:00:00 2001
From: Karen Arutyunov <karen@codesynthesis.com>
Date: Tue, 6 Jun 2017 19:01:55 +0300
Subject: Add support for openssl-envvar module option

---
 mod/build-config.cxx     |  3 ++-
 mod/mod-build-result.cxx |  4 +++-
 mod/mod-build-task.cxx   |  4 +++-
 mod/options.cli          | 15 +++++++++++++++
 4 files changed, 23 insertions(+), 3 deletions(-)

(limited to 'mod')

diff --git a/mod/build-config.cxx b/mod/build-config.cxx
index 9e30b64..6b59e54 100644
--- a/mod/build-config.cxx
+++ b/mod/build-config.cxx
@@ -71,7 +71,8 @@ namespace brep
           p = d / de.path ();
 
           openssl os (p, path ("-"), 2,
-                      o.openssl (), "pkey",
+                      process_env (o.openssl (), o.openssl_envvar ()),
+                      "pkey",
                       o.openssl_option (), "-pubin", "-outform", "DER");
 
           vector<char> k (os.in.read_binary ());
diff --git a/mod/mod-build-result.cxx b/mod/mod-build-result.cxx
index 41bfb2b..21e1de6 100644
--- a/mod/mod-build-result.cxx
+++ b/mod/mod-build-result.cxx
@@ -293,7 +293,9 @@ handle (request& rq, response&)
           {
             openssl os (print_args,
                         path ("-"), fdstream_mode::text, 2,
-                        options_->openssl (), "rsautl",
+                        process_env (options_->openssl (),
+                                     options_->openssl_envvar ()),
+                        "rsautl",
                         options_->openssl_option (),
                         "-verify", "-pubin", "-inkey", i->second);
 
diff --git a/mod/mod-build-task.cxx b/mod/mod-build-task.cxx
index c018b65..dc9910f 100644
--- a/mod/mod-build-task.cxx
+++ b/mod/mod-build-task.cxx
@@ -271,7 +271,9 @@ handle (request& rq, response& rs)
 
           openssl os (print_args,
                       nullfd, path ("-"), 2,
-                      options_->openssl (), "rand",
+                      process_env (options_->openssl (),
+                                   options_->openssl_envvar ()),
+                      "rand",
                       options_->openssl_option (), 64);
 
           vector<char> nonce (os.in.read_binary ());
diff --git a/mod/options.cli b/mod/options.cli
index e6beb6e..7460ef7 100644
--- a/mod/options.cli
+++ b/mod/options.cli
@@ -71,6 +71,21 @@ namespace brep
          \cb{openssl} for details). Repeat this option to specify multiple
          openssl options."
       }
+
+      strings openssl-envvar
+      {
+        "<name>[=value]",
+        "Environment variable to be set (<name>=<value>) or unset (just
+         <name>) for the openssl program (see \cb{openssl} for details).
+         Repeat this option to specify multiple openssl variables. Note
+         that unspecified variables are inherited from the web server
+         process.
+
+         You need to at least set the \cb{RANDFILE} environment variable
+         to change the default location of the openssl program seed file
+         and maybe also the \cb{OPENSSL_CONF} variable if you would like
+         to use a custom openssl configuration file."
+      }
     };
 
     class package_db
-- 
cgit v1.1