CMS is back! Use it in LibreSSL > 3.0.2 or with USE_LIBRESSL_CMS=1
This commit is contained in:
parent
beef9f736c
commit
14d0149cdb
2 changed files with 10 additions and 2 deletions
5
Makefile
5
Makefile
|
|
@ -1,10 +1,13 @@
|
|||
#
|
||||
# The Azure agents needs CMS to obtain the SSH public keys.
|
||||
# LibreSSL has removed CMS, so either use OpenSSL to decrypt CMS
|
||||
# messages or compile the old CMS code for LibreSSL.
|
||||
# messages or compile the old CMS code for LibreSSL. Or use
|
||||
# CMS that has returned to newer versions of LibreSSL.
|
||||
#
|
||||
.ifdef USE_OPENSSL
|
||||
MAKE_FLAGS+= USE_OPENSSL=1
|
||||
.elifdef USE_LIBRESSL_CMS
|
||||
MAKE_FLAGS+= USE_LIBRESSL_CMS=1
|
||||
.else
|
||||
SUBDIR= cms
|
||||
.endif
|
||||
|
|
|
|||
|
|
@ -26,6 +26,8 @@
|
|||
#include <pwd.h>
|
||||
#include <err.h>
|
||||
|
||||
#include <openssl/opensslv.h>
|
||||
|
||||
#include "main.h"
|
||||
#include "http.h"
|
||||
#include "xml.h"
|
||||
|
|
@ -441,13 +443,16 @@ azure_certificates(struct system_config *sc)
|
|||
|
||||
fd = disable_output(sc, STDERR_FILENO);
|
||||
|
||||
#ifdef USE_OPENSSL
|
||||
#if defined(USE_OPENSSL)
|
||||
/*
|
||||
* XXX Now comes the part that needs CMS which is only
|
||||
* XXX present in OpenSSL but got removed from LibreSSL.
|
||||
*/
|
||||
log_debug("%s: running openssl cms", __func__);
|
||||
if (shell("/usr/local/bin/eopenssl", "cms", /* )) */
|
||||
#elif defined(USE_LIBRESSL_CMS) || LIBRESSL_VERSION_NUMBER > 0x3000200fL
|
||||
/* And CMS returned to LibreSSL! */
|
||||
if (shell("/usr/bin/openssl", "cms", /* )) */
|
||||
#else
|
||||
if (shell("/usr/local/bin/cms",
|
||||
#endif
|
||||
|
|
|
|||
Loading…
Reference in a new issue