[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

Richard Levitte levitte at openssl.org
Mon Feb 11 14:25:11 UTC 2019 

The branch OpenSSL_1_1_1-stable has been updated
       via  95f59d398c3f28f7ee50f092106c5910d25f9e30 (commit)
      from  a12b338f06442573a04932dbedaad3023113ee25 (commit)


- Log -----------------------------------------------------------------
commit 95f59d398c3f28f7ee50f092106c5910d25f9e30
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date:   Fri Feb 1 14:32:36 2019 +0100

    Allow the syntax of the .include directive to optionally have '='
    
    If the old openssl versions not supporting the .include directive
    load a config file with it, they will bail out with error.
    
    This change allows using the .include = <filename> syntax which
    is interpreted as variable assignment by the old openssl
    config file parser.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/8141)
    
    (cherry picked from commit 9d5560331d86c6463e965321f774e4eed582ce0b)

-----------------------------------------------------------------------

Summary of changes:
 crypto/conf/conf_def.c                                             | 7 ++++++-
 doc/man5/config.pod                                                | 7 +++++++
 test/recipes/90-test_includes.t                                    | 4 +++-
 .../{includes-file.cnf => includes-eq-ws.cnf}                      | 2 +-
 .../90-test_includes_data/{includes-file.cnf => includes-eq.cnf}   | 2 +-
 5 files changed, 18 insertions(+), 4 deletions(-)
 copy test/recipes/90-test_includes_data/{includes-file.cnf => includes-eq-ws.cnf} (66%)
 copy test/recipes/90-test_includes_data/{includes-file.cnf => includes-eq.cnf} (68%)

diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 7f0d70e..450eeb9 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -348,10 +348,15 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
                 psection = section;
             }
             p = eat_ws(conf, end);
-            if (strncmp(pname, ".include", 8) == 0 && p != pname + 8) {
+            if (strncmp(pname, ".include", 8) == 0
+                && (p != pname + 8 || *p == '=')) {
                 char *include = NULL;
                 BIO *next;
 
+                if (*p == '=') {
+                    p++;
+                    p = eat_ws(conf, p);
+                }
                 trim_ws(conf, p);
                 if (!str_copy(conf, psection, &include, p))
                     goto err;
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index 3e110b0..7f21cdc 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -42,6 +42,13 @@ working directory so unless the configuration file containing the
 B<.include> directive is application specific the inclusion will not
 work as expected.
 
+There can be optional B<=> character and whitespace characters between
+B<.include> directive and the path which can be useful in cases the
+configuration file needs to be loaded by old OpenSSL versions which do
+not support the B<.include> syntax. They would bail out with error
+if the B<=> character is not present but with it they just ignore
+the include.
+
 Each section in a configuration file consists of a number of name and
 value pairs of the form B<name=value>
 
diff --git a/test/recipes/90-test_includes.t b/test/recipes/90-test_includes.t
index 5169700..c6a86fc 100644
--- a/test/recipes/90-test_includes.t
+++ b/test/recipes/90-test_includes.t
@@ -11,11 +11,13 @@ plan skip_all => "test_includes doesn't work without posix-io"
     if disabled("posix-io");
 
 plan tests =>                   # The number of tests being performed
-    3
+    5
     + ($^O eq "VMS" ? 2 : 0);
 
 ok(run(test(["conf_include_test", data_file("includes.cnf")])), "test directory includes");
 ok(run(test(["conf_include_test", data_file("includes-file.cnf")])), "test file includes");
+ok(run(test(["conf_include_test", data_file("includes-eq.cnf")])), "test includes with equal character");
+ok(run(test(["conf_include_test", data_file("includes-eq-ws.cnf")])), "test includes with equal and whitespaces");
 if ($^O eq "VMS") {
     ok(run(test(["conf_include_test", data_file("vms-includes.cnf")])),
        "test directory includes, VMS syntax");
diff --git a/test/recipes/90-test_includes_data/includes-file.cnf b/test/recipes/90-test_includes_data/includes-eq-ws.cnf
similarity index 66%
copy from test/recipes/90-test_includes_data/includes-file.cnf
copy to test/recipes/90-test_includes_data/includes-eq-ws.cnf
index 1737b70..38109a7 100644
--- a/test/recipes/90-test_includes_data/includes-file.cnf
+++ b/test/recipes/90-test_includes_data/includes-eq-ws.cnf
@@ -2,4 +2,4 @@
 # Example configuration file using includes.
 #
 
-.include includes.cnf
+.include = conf-includes
diff --git a/test/recipes/90-test_includes_data/includes-file.cnf b/test/recipes/90-test_includes_data/includes-eq.cnf
similarity index 68%
copy from test/recipes/90-test_includes_data/includes-file.cnf
copy to test/recipes/90-test_includes_data/includes-eq.cnf
index 1737b70..9d37158 100644
--- a/test/recipes/90-test_includes_data/includes-file.cnf
+++ b/test/recipes/90-test_includes_data/includes-eq.cnf
@@ -2,4 +2,4 @@
 # Example configuration file using includes.
 #
 
-.include includes.cnf
+.include=conf-includes

More information about the openssl-commits mailing list