From be088fe540060e286fad14bf7e9bc64d8dd04e36 Mon Sep 17 00:00:00 2001 From: Lexi Winter Date: Wed, 4 Jun 2025 21:28:59 +0100 Subject: make openssl path configurable --- acme.conf.5.in | 7 +++++++ renew.sh.in | 8 +++++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/acme.conf.5.in b/acme.conf.5.in index a13f6ff..6d342e7 100644 --- a/acme.conf.5.in +++ b/acme.conf.5.in @@ -39,6 +39,13 @@ The path to a directory containing hooks to invoke when issuing certificates .Xr domains.conf 5 ) . The default path is .Pa __CONFDIR__/hooks . +.It Va ACME_OPENSSL +Path to the +.Xr openssl 1 +program. +If not specified, +.Ev $PATH +will be searched. .It Va ACME_UACME Path to the .Xr uacme 1 diff --git a/renew.sh.in b/renew.sh.in index cecf52a..e1d2c6c 100644 --- a/renew.sh.in +++ b/renew.sh.in @@ -1,6 +1,8 @@ #! /bin/sh # This source code is released into the public domain. +_OPENSSL="$(_findbin openssl $ACME_OPENSSL)" + # Parse command-line arguments. args=$(getopt f $*) if [ $? -ne 0 ]; then @@ -44,8 +46,8 @@ _make_key() { umask 077 case $keytype in - ec) openssl ecparam -name secp384r1 -genkey -noout -out "$keyfile";; - rsa) openssl genrsa -out "$keyfile" 3072;; + ec) $_OPENSSL ecparam -name secp384r1 -genkey -noout -out "$keyfile";; + rsa) $_OPENSSL genrsa -out "$keyfile" 3072;; *) _error "%s: unknown key type %s?" "$keyfile" "$keytype" return 1;; esac @@ -87,7 +89,7 @@ EOF done # Generate the CSR - openssl req -new -key "$keyfile" -out "$csrfile" -config "$csrconf" + $_OPENSSL req -new -key "$keyfile" -out "$csrfile" -config "$csrconf" return $? } -- cgit v1.2.3