
CMS is back! Use it in LibreSSL > 3.0.2 or with USE_LIBRESSL_CMS=1

master v1.0
reyk 3 years ago
parent
commit
14d0149cdb
  1. 5
      Makefile
  2. 7
      agent/azure.c

5
Makefile

@ -1,10 +1,13 @@
#
# The Azure agents needs CMS to obtain the SSH public keys.
# LibreSSL has removed CMS, so either use OpenSSL to decrypt CMS
# messages or compile the old CMS code for LibreSSL.
# messages or compile the old CMS code for LibreSSL. Or use
# CMS that has returned to newer versions of LibreSSL.
#
.ifdef USE_OPENSSL
MAKE_FLAGS+= USE_OPENSSL=1
.elifdef USE_LIBRESSL_CMS
MAKE_FLAGS+= USE_LIBRESSL_CMS=1
.else
SUBDIR= cms
.endif
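Review bot: The default `.else` branch still sets `SUBDIR= cms`, so the bundled CMS code is built even on LibreSSL newer than 3.0.2, where agent/azure.c in this commit selects `/usr/bin/openssl cms` from the header version alone. The bundled tool then appears to be built without being the one that runs, and the header comment does not say that `USE_LIBRESSL_CMS=1` is what skips it. I would add a line to the comment block such as `# Set USE_LIBRESSL_CMS=1 to skip building the bundled cms code when the base openssl(1) provides CMS.` so the build and the agent stay in step.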

7
agent/azure.c

@ -26,6 +26,8 @@
#include <pwd.h>
#include <err.h>
#include <openssl/opensslv.h>
#include "main.h"
#include "http.h"
#include "xml.h"
@ -441,13 +443,16 @@ azure_certificates(struct system_config *sc)
fd = disable_output(sc, STDERR_FILENO);
#ifdef USE_OPENSSL
#if defined(USE_OPENSSL)
/*
* XXX Now comes the part that needs CMS which is only
* XXX present in OpenSSL but got removed from LibreSSL.
*/
log_debug("%s: running openssl cms", __func__);
if (shell("/usr/local/bin/eopenssl", "cms", /* )) */
#elif defined(USE_LIBRESSL_CMS) || LIBRESSL_VERSION_NUMBER > 0x3000200fL
/* And CMS returned to LibreSSL! */
if (shell("/usr/bin/openssl", "cms", /* )) */
#else
if (shell("/usr/local/bin/cms",
#endif
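Review bot: The new `#elif` branch picks `/usr/bin/openssl cms` from the build-time `LIBRESSL_VERSION_NUMBER`, but nothing visible here confirms that the binary on the running system has the `cms` subcommand, and stderr is already silenced by `disable_output(sc, STDERR_FILENO)` just above. The Makefile comment says this step obtains the SSH public keys, so a failure here should be easy to diagnose. Mirror the USE_OPENSSL branch and add `log_debug("%s: running libressl openssl cms", __func__);` before the `shell()` call in the new branch. A short comment such as `/* version check is build-time only; /usr/bin/openssl must provide cms at runtime */` would also record the assumption. The `shell()` call and its error handling continue outside the hunk, so whether a failed decrypt is already reported cannot be judged from here.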
