Commit 23d0e5f3 authored by Siddharth

openssl: Add provider support

parent 8ac4e73d
+22 −0
@@ -25,6 +25,8 @@
  conf ? null,
  removeReferencesTo,
  testers,
  providers ? [ ],
  autoloadProviders ? false,
}:

# Note: this package is used for bootstrapping fetchurl, and thus
@@ -307,6 +309,26 @@ let
        ''
        + lib.optionalString (conf != null) ''
          cat ${conf} > $etc/etc/ssl/openssl.cnf
        ''

        + lib.concatStringsSep "\n" (
          map
            (provider: ''
              cp --no-preserve=mode ${provider.package}/lib/ossl-modules/* "$out/lib/ossl-modules"

              ${lib.optionalString (autoloadProviders) ''
                sed -i '/^[[:space:]]*#/!s/\[provider_sect\]/[provider_sect]\n${provider.name} = ${provider.name}_sect/g' $etc/etc/ssl/openssl.cnf
                echo -e "\n[${provider.name}_sect]" >> $etc/etc/ssl/openssl.cnf
                echo "activate = 1" >> $etc/etc/ssl/openssl.cnf
              ''}
            '')

            providers
        )

        + lib.optionalString (autoloadProviders) ''
          # The default provider needs loading when there are other providers loaded by default
          sed -i '/^[[:space:]]*#/!s/\[default_sect\]/[default_sect]\nactivate = 1/g' $etc/etc/ssl/openssl.cnf
        '';

      allowedImpureDLLs = [ "CRYPT32.dll" ];
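Review bot: Both `sed -i` edits in the second hunk succeed silently when `openssl.cnf` has no uncommented `[provider_sect]` or `[default_sect]` line, which can happen when a caller passes its own `conf` (and presumably for any packaged version whose stock config lacks those sections). In that case the `echo` lines still append `[${provider.name}_sect]` with `activate = 1`, but nothing references it, so the build passes while the provider is never loaded; and if only the `[default_sect]` edit misses, the default provider stays inactive next to an explicitly activated one, which is the situation the added comment warns about. I would fail the build instead, e.g. `grep -q '^[[:space:]]*\[provider_sect\]' $etc/etc/ssl/openssl.cnf || { echo "openssl.cnf has no [provider_sect]" >&2; exit 1; }` before the first sed, with the same check for `[default_sect]`. Separately, `cp --no-preserve=mode ${provider.package}/lib/ossl-modules/*` overwrites any same-named module already in `$out/lib/ossl-modules`, so `cp -n` or an explicit collision check would keep one provider package from replacing another's module or one OpenSSL installed itself. The phase string these additions are appended to starts above the hunk.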