CMS is back! Use it in LibreSSL > 3.0.2 or with USE_LIBRESSL_CMS=1

This commit is contained in:
reykfloeter 2019-11-29 17:22:07 +00:00
parent beef9f736c
commit 14d0149cdb
2 changed files with 10 additions and 2 deletions

View file

@ -1,10 +1,13 @@
#
# The Azure agents needs CMS to obtain the SSH public keys.
# LibreSSL has removed CMS, so either use OpenSSL to decrypt CMS
# messages or compile the old CMS code for LibreSSL.
# messages or compile the old CMS code for LibreSSL. Or use
# CMS that has returned to newer versions of LibreSSL.
#
.ifdef USE_OPENSSL
MAKE_FLAGS+= USE_OPENSSL=1
.elifdef USE_LIBRESSL_CMS
MAKE_FLAGS+= USE_LIBRESSL_CMS=1
.else
SUBDIR= cms
.endif

View file

@ -26,6 +26,8 @@
#include <pwd.h>
#include <err.h>
#include <openssl/opensslv.h>
#include "main.h"
#include "http.h"
#include "xml.h"
@ -441,13 +443,16 @@ azure_certificates(struct system_config *sc)
fd = disable_output(sc, STDERR_FILENO);
#ifdef USE_OPENSSL
#if defined(USE_OPENSSL)
/*
* XXX Now comes the part that needs CMS which is only
* XXX present in OpenSSL but got removed from LibreSSL.
*/
log_debug("%s: running openssl cms", __func__);
if (shell("/usr/local/bin/eopenssl", "cms", /* )) */
#elif defined(USE_LIBRESSL_CMS) || LIBRESSL_VERSION_NUMBER > 0x3000200fL
/* And CMS returned to LibreSSL! */
if (shell("/usr/bin/openssl", "cms", /* )) */
#else
if (shell("/usr/local/bin/cms",
#endif