Closed ifranzki closed 11 months ago
Otherwise looks good to me.
Small change to prefer env var IBMCA_DEBUG_PATH over the config setting (in case both are specified).
It makes sense, thanks.
The IBMCA provider debug logs were written to the /var/log/ibmca/ directory, but this required that directory to be world-writable, because we don't know under which user an application runs that uses the provider. A world-writable directory under /var has security implications and should be avoided.
Change the default log directory to /tmp which is world-writable anyway. Additionally the log directory can now be configured via the 'debug-path' option in the IBMCA provider section of the OpenSSL config file, or via environment variable 'IBMCA_DEBUG_PATH'.
Closes: https://github.com/opencryptoki/openssl-ibmca/issues/107
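The lookup order described in this thread (environment variable `IBMCA_DEBUG_PATH`, then the `debug-path` config option, then `/tmp`), combined with one way to create a log file safely in a world-writable directory, as an added example that is not code from the openssl-ibmca project. The function names, the file name pattern and the choice of `open()` flags are assumptions of this example, not a description of what the provider does.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define DEFAULT_DEBUG_PATH "/tmp"  /* default named in the change description */

/* Precedence: IBMCA_DEBUG_PATH env var, then the config value, then /tmp.
 * cfg_path stands in for the parsed 'debug-path' option (may be NULL). */
const char *resolve_debug_path(const char *cfg_path)
{
    const char *env = getenv("IBMCA_DEBUG_PATH");

    if (env != NULL && env[0] != '\0')
        return env;
    if (cfg_path != NULL && cfg_path[0] != '\0')
        return cfg_path;
    return DEFAULT_DEBUG_PATH;
}

/* Create a new log file in dir; returns an fd, or -1 on failure.
 * O_EXCL refuses any pre-existing name, including a symlink left there by
 * another user; O_NOFOLLOW is defence in depth; 0600 keeps the log private.
 * The file name pattern is hypothetical. */
int open_debug_log(const char *dir, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/ibmca-example-%ld.log", dir, (long)getpid());

    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return open(out, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

int main(void)
{
    char path[4096];
    int fd = open_debug_log(resolve_debug_path(NULL), path, sizeof(path));

    if (fd < 0) {
        perror("open_debug_log");
        return 1;
    }
    dprintf(fd, "debug log opened\n");
    close(fd);
    printf("logging to %s\n", path);
    return 0;
}
```
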