Look for openssl.cnf if it is not in the default location.

Signed-off-by: Pete Higgins <pete@peterhiggins.org>
author: Pete Higgins <pete@peterhiggins.org> 2020-07-09 13:08:29 -0700
committer: Tim Smith <tsmith84@gmail.com> 2020-07-15 12:35:57 -0700
commit: 178a342878a2fe80d75a906f8ce28100b45183be (patch)
tree: 98d622a8f2226011462541f70b71d983a0acdd29 /lib/chef/mixin/openssl_helper.rb
parent: 0da8beaf4f4545acfea11b168c4b2134c3aa321d (diff)
download: chef-178a342878a2fe80d75a906f8ce28100b45183be.tar.gz
1 files changed, 26 insertions, 3 deletions
diff --git a/lib/chef/mixin/openssl_helper.rb b/lib/chef/mixin/openssl_helper.rb
index 7b94096a79..df6779c8a1 100644
--- a/lib/chef/mixin/openssl_helper.rb
+++ b/lib/chef/mixin/openssl_helper.rb
@@ -282,7 +282,9 @@ class Chef
           ef.issuer_certificate = info["issuer"]
         end
         ef.subject_certificate = cert
-        ef.config = ::OpenSSL::Config.load(::OpenSSL::Config::DEFAULT_CONFIG_FILE)
+        if openssl_config = __openssl_config
+          ef.config = openssl_config
+        end
 
         cert.extensions = extension
         cert.add_extension ef.create_extension("subjectKeyIdentifier", "hash")
@@ -313,7 +315,9 @@ class Chef
         crl.last_update = Time.now
         crl.next_update = Time.now + 3600 * 24 * info["validity"]
 
-        ef.config = ::OpenSSL::Config.load(::OpenSSL::Config::DEFAULT_CONFIG_FILE)
+        if openssl_config = __openssl_config
+          ef.config = openssl_config
+        end
         ef.issuer_certificate = info["issuer"]
 
         crl.add_extension ::OpenSSL::X509::Extension.new("crlNumber", ::OpenSSL::ASN1::Integer(1))
@@ -391,7 +395,9 @@ class Chef
         crl.next_update = crl.last_update + 3600 * 24 * info["validity"]
 
         ef = ::OpenSSL::X509::ExtensionFactory.new
-        ef.config = ::OpenSSL::Config.load(::OpenSSL::Config::DEFAULT_CONFIG_FILE)
+        if openssl_config = __openssl_config
+          ef.config = openssl_config
+        end
         ef.issuer_certificate = info["issuer"]
 
         crl.extensions = [ ::OpenSSL::X509::Extension.new("crlNumber",
@@ -422,6 +428,23 @@ class Chef
 
         resp
       end
+
+      private
+
+      def __openssl_config
+        path = if File.exist?(::OpenSSL::Config::DEFAULT_CONFIG_FILE)
+                 OpenSSL::Config::DEFAULT_CONFIG_FILE
+               else
+                 Dir[File.join(RbConfig::CONFIG["prefix"], "**", "openssl.cnf")].first
+               end
+
+        if File.exist?(path)
+          ::OpenSSL::Config.load(path)
+        else
+          Chef::Log.warn("Couldn't find OpenSSL config file")
+          nil
+        end
+      end
     end
   end
 end
author	Pete Higgins <pete@peterhiggins.org>	2020-07-09 13:08:29 -0700
committer	Tim Smith <tsmith84@gmail.com>	2020-07-15 12:35:57 -0700
commit	178a342878a2fe80d75a906f8ce28100b45183be (patch)
tree	98d622a8f2226011462541f70b71d983a0acdd29 /lib/chef/mixin/openssl_helper.rb
parent	0da8beaf4f4545acfea11b168c4b2134c3aa321d (diff)
download	chef-178a342878a2fe80d75a906f8ce28100b45183be.tar.gz