From: Jan Luebbe <jlu@pengutronix.de>
To: openembedded-core@lists.openembedded.org
Cc: Jan Luebbe <jlu@pengutronix.de>
Subject: [PATCH] openssl: add support for config snippet includes
Date: Fri, 13 Feb 2026 18:47:29 +0100 [thread overview]
Message-ID: <20260213174730.1197940-1-jlu@pengutronix.de> (raw)
This allows configuration (such as enabling providers) to be done by
adding snippet files to /usr/lib/ssl-3/openssl.cnf.d or
/etc/ssl/openssl.cnf.d instead of modifying a copy of the full
configuration file. As new snippets can be added from separate recipes,
targeted changes can be done in multiple layers.
For example, the pkcs11-provider can be enabled by adding a pkcs11.cnf
containing something like:
[default_sect]
activate = 1
[provider_sect]
pkcs11 = pkcs11_sect
[pkcs11_sect]
pkcs11-module-path = /usr/lib/libckteec.so.0
pkcs11-module-quirks = no-operation-state no-deinit
pkcs11-module-encode-provider-uri-to-pem = true
activate = 1
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
---
meta/recipes-connectivity/openssl/openssl_3.5.5.bb | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/meta/recipes-connectivity/openssl/openssl_3.5.5.bb b/meta/recipes-connectivity/openssl/openssl_3.5.5.bb
index c0d02b617ba5..7375867dd1df 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.5.5.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.5.5.bb
@@ -186,6 +186,16 @@ do_install () {
fi
}
+do_install:append:class-target () {
+ # Add support for config snippet includes
+ echo "" >> ${D}${sysconfdir}/ssl/openssl.cnf
+ echo ".include ${libdir}/ssl-3/openssl.cnf.d" >> ${D}${sysconfdir}/ssl/openssl.cnf
+ echo ".include ${sysconfdir}/ssl/openssl.cnf.d" >> ${D}${sysconfdir}/ssl/openssl.cnf
+
+ install -d ${D}${libdir}/ssl-3/openssl.cnf.d
+ install -d ${D}${sysconfdir}/ssl/openssl.cnf.d
+}
+
do_install:append:class-native () {
create_wrapper ${D}${bindir}/openssl \
OPENSSL_CONF=\${OPENSSL_CONF:-${libdir}/ssl-3/openssl.cnf} \
--
2.47.3
next reply other threads:[~2026-02-13 17:47 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-13 17:47 Jan Luebbe [this message]
2026-02-15 18:05 ` [OE-core] [PATCH] openssl: add support for config snippet includes Mathieu Dubois-Briand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260213174730.1197940-1-jlu@pengutronix.de \
--to=jlu@pengutronix.de \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox