git.ipfire.org Git - thirdparty/openssl.git/commit

author	Neil Horman <nhorman@openssl.org>
	Fri, 1 Dec 2023 19:02:09 +0000 (14:02 -0500)
committer	Neil Horman <nhorman@openssl.org>
	Thu, 21 Dec 2023 14:22:40 +0000 (09:22 -0500)
commit	506ff20662a228b17840f0b49865a927a45c2908
tree	fa99ab163899cb138800889aea431aa364c588ee	tree \| snapshot
parent	5528bfbc647c68b6e03262099830ddd1c49dfa23	commit \| diff

Make the activate setting more intuitive

Currently, a provider is activated from our config file using the
activate parameter.  However, the presence of the config parameter is
sufficient to trigger activation, leading to a counterintuitive
situation in which setting "activate = 0" still activates the provider

Make activation more intuitive by requiring that activate be set to one
of yes|true|1 to trigger activation.  Any other value, as well as
omitting the parameter entirely, prevents activation (and also maintains
backward compatibility.

It seems a bit heavyweight to create a test specifically to validate the
plurality of these settings.  Instead, modify the exiting openssl config
files in the test directory to use variants of these settings, and
augment the default.cnf file to include a provider section that is
explicitly disabled

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22906)

CHANGES.md		diff \| blob \| blame \| history
crypto/provider_conf.c		diff \| blob \| blame \| history
doc/man5/config.pod		diff \| blob \| blame \| history
test/default-and-fips.cnf		diff \| blob \| blame \| history
test/default.cnf		diff \| blob \| blame \| history
test/evp_fetch_prov_test.c		diff \| blob \| blame \| history