
Annotation of /rpms/openssl3/contribs10/0004-Override-default-paths-for-the-CA-directory-tree.patch



Revision 1.1 - (hide annotations) (download)
Wed Jan 31 17:24:31 2024 UTC (9 months, 4 weeks ago) by jpp
Branch: MAIN
CVS Tags: openssl3-3_0_7-5_el7_sme_1, HEAD
Initial import

1 jpp 1.1 From 6790960076742a9053c624e26fbb87fcd5789e27 Mon Sep 17 00:00:00 2001
2     From: Tomas Mraz <tmraz@fedoraproject.org>
3     Date: Thu, 24 Sep 2020 09:17:26 +0200
4     Subject: Override default paths for the CA directory tree
5    
6     Also add default section to load crypto-policies configuration
7     for TLS.
8    
9     It needs to be reverted before running tests.
10    
11     (was openssl-1.1.1-conf-paths.patch)
12     ---
13     apps/CA.pl.in | 2 +-
14     apps/openssl.cnf | 20 ++++++++++++++++++--
15     2 files changed, 19 insertions(+), 3 deletions(-)
16    
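--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -29,7 +29,7 @@ my $X509 = "$openssl x509";
 my $PKCS12 = "$openssl pkcs12";
 
 # Default values for various configuration settings.
-my $CATOP = "./demoCA";
+my $CATOP = "/etc/pki/CA";
 my $CAKEY = "cakey.pem";
 my $CAREQ = "careq.pem";
 my $CACERT = "cacert.pem";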
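Review bot: The new `$CATOP` value is a fixed system path that has to stay identical to `dir = /etc/pki/CA` in the `[ CA_default ]` and `[ tsa_config1 ]` sections of apps/openssl.cnf, and nothing at this line records that coupling. A CA tree normally holds the CA private key, so moving it from a per-directory `./demoCA` to one shared location makes the ownership and mode of that directory matter; how the script creates the tree is outside this hunk, so this is inferred rather than visible. I would extend the comment above the assignment to something like `# Distribution default; keep in sync with "dir" in openssl.cnf. Holds the CA key: root-owned, private/ not group- or world-readable.` Having the package create the directory with those permissions would also be safer than leaving it to whoever first runs the script.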
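--- openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls 2021-07-06 13:41:39.204978272 +0200
+++ openssl-3.0.0-alpha16/apps/openssl.cnf 2021-07-06 13:49:50.362857683 +0200
@@ -53,6 +53,8 @@ tsa_policy3 = 1.2.3.4.5.7
 
 [openssl_init]
 providers = provider_sect
+# Load default TLS policy configuration
+ssl_conf = ssl_module
 
 # List of providers to load
 [provider_sect]
@@ -64,6 +66,13 @@ default = default_sect
 [default_sect]
 # activate = 1
 
+[ ssl_module ]
+
+system_default = crypto_policy
+
+[ crypto_policy ]
+
+.include = /etc/crypto-policies/back-ends/opensslcnf.config
 
 ####################################################################
 [ ca ]
@@ -72,7 +81,7 @@ default_ca = CA_default # The default c
 ####################################################################
 [ CA_default ]
 
-dir = ./demoCA # Where everything is kept
+dir = /etc/pki/CA # Where everything is kept
 certs = $dir/certs # Where the issued certs are kept
 crl_dir = $dir/crl # Where the issued crl are kept
 database = $dir/index.txt # database index file.
@@ -304,7 +313,7 @@ default_tsa = tsa_config1 # the default
 [ tsa_config1 ]
 
 # These are used by the TSA reply generation only.
-dir = ./demoCA # TSA root directory
+dir = /etc/pki/CA # TSA root directory
 serial = $dir/tsaserial # The current serial number (mandatory)
 crypto_device = builtin # OpenSSL engine to use for signing
 signer_cert = $dir/tsacert.pem # The TSA signing certificate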
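Review bot: The `.include = /etc/crypto-policies/back-ends/opensslcnf.config` line in the new `[ crypto_policy ]` section carries no comment on what happens when that file is absent or unreadable. As far as I know OpenSSL does not treat a missing include target as a fatal configuration error, so the section would simply be empty and `system_default = crypto_policy` would apply no restrictions, leaving TLS on the library defaults with no warning. I would add a comment above the include such as `# Provided by the crypto-policies package; if this file is missing the section is empty and library defaults apply.` The package should also carry a hard dependency on whatever ships that file; the spec file is not visible here, so that may already be the case.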
