From 7e60138c3231203a7f61130982560b7db6ec892c Mon Sep 17 00:00:00 2001 From: Karen Arutyunov Date: Tue, 6 Jun 2017 19:01:55 +0300 Subject: Add support for openssl-envvar module option --- mod/build-config.cxx | 3 ++- mod/mod-build-result.cxx | 4 +++- mod/mod-build-task.cxx | 4 +++- mod/options.cli | 15 +++++++++++++++ 4 files changed, 23 insertions(+), 3 deletions(-) (limited to 'mod') diff --git a/mod/build-config.cxx b/mod/build-config.cxx index 9e30b64..6b59e54 100644 --- a/mod/build-config.cxx +++ b/mod/build-config.cxx @@ -71,7 +71,8 @@ namespace brep p = d / de.path (); openssl os (p, path ("-"), 2, - o.openssl (), "pkey", + process_env (o.openssl (), o.openssl_envvar ()), + "pkey", o.openssl_option (), "-pubin", "-outform", "DER"); vector k (os.in.read_binary ()); diff --git a/mod/mod-build-result.cxx b/mod/mod-build-result.cxx index 41bfb2b..21e1de6 100644 --- a/mod/mod-build-result.cxx +++ b/mod/mod-build-result.cxx @@ -293,7 +293,9 @@ handle (request& rq, response&) { openssl os (print_args, path ("-"), fdstream_mode::text, 2, - options_->openssl (), "rsautl", + process_env (options_->openssl (), + options_->openssl_envvar ()), + "rsautl", options_->openssl_option (), "-verify", "-pubin", "-inkey", i->second); diff --git a/mod/mod-build-task.cxx b/mod/mod-build-task.cxx index c018b65..dc9910f 100644 --- a/mod/mod-build-task.cxx +++ b/mod/mod-build-task.cxx @@ -271,7 +271,9 @@ handle (request& rq, response& rs) openssl os (print_args, nullfd, path ("-"), 2, - options_->openssl (), "rand", + process_env (options_->openssl (), + options_->openssl_envvar ()), + "rand", options_->openssl_option (), 64); vector nonce (os.in.read_binary ()); diff --git a/mod/options.cli b/mod/options.cli index e6beb6e..7460ef7 100644 --- a/mod/options.cli +++ b/mod/options.cli @@ -71,6 +71,21 @@ namespace brep \cb{openssl} for details). Repeat this option to specify multiple openssl options." } + + strings openssl-envvar + { + "[=value]", + "Environment variable to be set (=) or unset (just + ) for the openssl program (see \cb{openssl} for details). + Repeat this option to specify multiple openssl variables. Note + that unspecified variables are inherited from the web server + process. + + You need to at least set the \cb{RANDFILE} environment variable + to change the default location of the openssl program seed file + and maybe also the \cb{OPENSSL_CONF} variable if you would like + to use a custom openssl configuration file." + } }; class package_db -- cgit v1.1