3b007b7 Always define the path DNSSEC_OPENSSL_CONF

Authored and Committed by frenaud 3 years ago
    Always define the path DNSSEC_OPENSSL_CONF
    
    The variable was None by default and set to /etc/ipa/dnssec/openssl.cnf
    for fedora only because the code is specific to the support of pkcs11
    engine for bind. As a consequence ipa-backup had a "None" value in the
    list of files to backup and failed on Exception.
    
    ipa-backup code is able to handle missing files, and the code using
    the pkcs11 engine is called only when NAMED_OPENSSL_ENGINE is set
    (only in fedora so far). It is safe to always define a value for
    DNSSEC_OPENSSL_CONF even on os where it does not exist.
    
    The fix also improves the method used to verify that a path exists.
    
    Fixes: https://pagure.io/freeipa/issue/8597
    Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
    
        
file modified
+1 -1
file modified
+0 -1