From: Jan Luebbe Date: Mon, 16 Feb 2026 15:02:01 +0000 (+0100) Subject: openssl: add support for config snippet includes X-Git-Tag: yocto-6.0_M2~24 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=34bafcf3d8cdaa87506df30ef554d18981454c5e;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git openssl: add support for config snippet includes This allows configuration (such as enabling providers) to be done by adding snippet files to /etc/ssl/openssl.cnf.d instead of modifying a copy of the full configuration file. As new snippets can be added from separate recipes, targeted changes can be done in multiple layers. For example, the pkcs11-provider can be enabled by adding a pkcs11.cnf containing something like: [default_sect] activate = 1 [provider_sect] pkcs11 = pkcs11_sect [pkcs11_sect] pkcs11-module-path = /usr/lib/libckteec.so.0 pkcs11-module-quirks = no-operation-state no-deinit pkcs11-module-encode-provider-uri-to-pem = true activate = 1 Signed-off-by: Jan Luebbe Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --- diff --git a/meta/recipes-connectivity/openssl/openssl_3.5.5.bb b/meta/recipes-connectivity/openssl/openssl_3.5.5.bb index 7f81b976ba..a713d4bbcd 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.5.5.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.5.5.bb @@ -187,6 +187,13 @@ do_install () { fi } +do_install:append:class-target () { + # Add support for config snippet includes + echo "" >> ${D}${sysconfdir}/ssl/openssl.cnf + echo ".include ${sysconfdir}/ssl/openssl.cnf.d" >> ${D}${sysconfdir}/ssl/openssl.cnf + install -d ${D}${sysconfdir}/ssl/openssl.cnf.d +} + do_install:append:class-native () { create_wrapper ${D}${bindir}/openssl \ OPENSSL_CONF=\${OPENSSL_CONF:-${libdir}/ssl-3/openssl.cnf} \