pkgs/development/libraries/openssl/default.nix +41 −0 Original line number Diff line number Diff line Loading @@ -25,6 +25,9 @@ conf ? null, removeReferencesTo, testers, providers ? [ ], # Each provider in the format { name = "provider-name"; package = <drv>; } autoloadProviders ? false, extraINIConfig ? null, # Extra INI config in the format { section_name = { key = "value"}; } }: # Note: this package is used for bootstrapping fetchurl, and thus Loading Loading @@ -309,6 +312,44 @@ let '' + lib.optionalString (conf != null) '' cat ${conf} > $etc/etc/ssl/openssl.cnf '' # Replace the config's default provider section with the providers we wish # to automatically load + lib.optionalString autoloadProviders '' sed -i '/^[[:space:]]*#/!s|\[provider_sect\]|${ let config-provider-attrset = lib.foldl' (acc: elem: acc // elem) { } ( map (provider: { "${provider.name}" = "${provider.name}_sect"; }) providers ); in lib.escape [ "\n" ] (lib.generators.toINI { } { provider_sect = config-provider-attrset; }) }|' $etc/etc/ssl/openssl.cnf # Activate the default provider sed -i '/^[[:space:]]*#/!s/\[default_sect\]/[default_sect]\nactivate = 1/g' $etc/etc/ssl/openssl.cnf '' + lib.concatStringsSep "\n" ( map (provider: '' cp ${provider.package}/lib/ossl-modules/* "$out/lib/ossl-modules" ${lib.optionalString autoloadProviders '' echo '${ lib.generators.toINI { } { "${provider.name}_sect" = { activate = 1; }; } }' >> $etc/etc/ssl/openssl.cnf ''} '') providers ) + lib.optionalString (extraINIConfig != null) '' echo '${lib.generators.toINI { } extraINIConfig}' >> $etc/etc/ssl/openssl.cnf ''; allowedImpureDLLs = [ "CRYPT32.dll" ]; Loading
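Review bot: In the second hunk the generated INI text is spliced into the build script inside single quotes (`echo '${lib.generators.toINI { } extraINIConfig}' >> $etc/etc/ssl/openssl.cnf` and the per-provider `echo`) and into a `sed` replacement where only newlines are escaped, so a provider name or config value containing `'`, `|`, `&` or `\` will break the script or write a different openssl.cnf than the caller intended. Quoting through the library helper, e.g. `printf '%s\n' ${lib.escapeShellArg (lib.generators.toINI { } extraINIConfig)} >> $etc/etc/ssl/openssl.cnf`, and asserting that `provider.name` matches a conservative identifier pattern would close this. Separately, both `sed` edits succeed silently when `[provider_sect]` or `[default_sect]` is absent from the file (plausible when `conf` is also set), which would leave the appended `*_sect` sections unreferenced and the providers not loaded. A `grep -q` on the expected lines after the edit that fails the build would make that visible. The enclosing `let` binding starts and ends outside the hunk.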
pkgs/top-level/all-packages.nix +16 −0 Original line number Diff line number Diff line Loading @@ -8176,6 +8176,22 @@ with pkgs; openssl = openssl_3_6; openssl_oqs = openssl.override { providers = [ { name = "oqsprovider"; package = pkgs.oqs-provider; } ]; autoloadProviders = true; extraINIConfig = { tls_system_default = { Groups = "X25519MLKEM768:X25519:P-256:X448:P-521:ffdhe2048:ffdhe3072"; }; }; }; openssl_legacy = openssl.override { conf = ../development/libraries/openssl/3.0/legacy.cnf; }; Loading
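Review bot: The `tls_system_default` section passed through `extraINIConfig` only takes effect if the generated openssl.cnf also points at it (an `ssl_conf` entry in the init section and a `system_default = tls_system_default` line), and nothing visible in this commit adds that wiring. Unless the base config already carries it, the `Groups` preference is presumably ignored and TLS falls back to the library defaults without any error, so this should be confirmed against the built `$etc/etc/ssl/openssl.cnf`. Because `openssl_oqs` autoloads a third-party provider for every consumer, a small test that runs `openssl list -providers` and checks that `oqsprovider` is active would catch a silent misconfiguration. A comment above `Groups` recording the intent would also help, e.g. `# Prefer the hybrid PQ group; classical groups kept for interoperability`, noting whether `ffdhe2048` is kept deliberately.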