/[smecontribs]/rpms/openssl3/contribs10/0004-Override-default-paths-for-the-CA-directory-tree.patch
ViewVC logotype

Contents of /rpms/openssl3/contribs10/0004-Override-default-paths-for-the-CA-directory-tree.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Wed Jan 31 17:24:31 2024 UTC (9 months, 3 weeks ago) by jpp
Branch: MAIN
CVS Tags: openssl3-3_0_7-5_el7_sme_1, HEAD
Error occurred while calculating annotation data.
Initial import

1 From 6790960076742a9053c624e26fbb87fcd5789e27 Mon Sep 17 00:00:00 2001
2 From: Tomas Mraz <tmraz@fedoraproject.org>
3 Date: Thu, 24 Sep 2020 09:17:26 +0200
4 Subject: Override default paths for the CA directory tree
5
6 Also add default section to load crypto-policies configuration
7 for TLS.
8
9 It needs to be reverted before running tests.
10
11 (was openssl-1.1.1-conf-paths.patch)
12 ---
13 apps/CA.pl.in | 2 +-
14 apps/openssl.cnf | 20 ++++++++++++++++++--
15 2 files changed, 19 insertions(+), 3 deletions(-)
16
17 diff --git a/apps/CA.pl.in b/apps/CA.pl.in
18 index c0afb96716..d6a5fabd16 100644
19 --- a/apps/CA.pl.in
20 +++ b/apps/CA.pl.in
21 @@ -29,7 +29,7 @@ my $X509 = "$openssl x509";
22 my $PKCS12 = "$openssl pkcs12";
23
24 # Default values for various configuration settings.
25 -my $CATOP = "./demoCA";
26 +my $CATOP = "/etc/pki/CA";
27 my $CAKEY = "cakey.pem";
28 my $CAREQ = "careq.pem";
29 my $CACERT = "cacert.pem";
30 diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha16/apps/openssl.cnf
31 --- openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls 2021-07-06 13:41:39.204978272 +0200
32 +++ openssl-3.0.0-alpha16/apps/openssl.cnf 2021-07-06 13:49:50.362857683 +0200
33 @@ -53,6 +53,8 @@ tsa_policy3 = 1.2.3.4.5.7
34
35 [openssl_init]
36 providers = provider_sect
37 +# Load default TLS policy configuration
38 +ssl_conf = ssl_module
39
40 # List of providers to load
41 [provider_sect]
42 @@ -64,6 +66,13 @@ default = default_sect
43 [default_sect]
44 # activate = 1
45
46 +[ ssl_module ]
47 +
48 +system_default = crypto_policy
49 +
50 +[ crypto_policy ]
51 +
52 +.include = /etc/crypto-policies/back-ends/opensslcnf.config
53
54 ####################################################################
55 [ ca ]
56 @@ -72,7 +81,7 @@ default_ca = CA_default # The default c
57 ####################################################################
58 [ CA_default ]
59
60 -dir = ./demoCA # Where everything is kept
61 +dir = /etc/pki/CA # Where everything is kept
62 certs = $dir/certs # Where the issued certs are kept
63 crl_dir = $dir/crl # Where the issued crl are kept
64 database = $dir/index.txt # database index file.
65 @@ -304,7 +313,7 @@ default_tsa = tsa_config1 # the default
66 [ tsa_config1 ]
67
68 # These are used by the TSA reply generation only.
69 -dir = ./demoCA # TSA root directory
70 +dir = /etc/pki/CA # TSA root directory
71 serial = $dir/tsaserial # The current serial number (mandatory)
72 crypto_device = builtin # OpenSSL engine to use for signing
73 signer_cert = $dir/tsacert.pem # The TSA signing certificate

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed