/[smeserver]/rpms/e-smith-base/sme10/e-smith-base-5.8.1-bz11772-ellipticcert.patch

Annotation of /rpms/e-smith-base/sme10/e-smith-base-5.8.1-bz11772-ellipticcert.patch



Revision 1.1 - (hide annotations) (download)
Wed Nov 24 04:29:04 2021 UTC (3 years ago) by jpp
Branch: MAIN
CVS Tags: e-smith-base-5_8_1-8_el7_sme, e-smith-base-5_8_1-5_el7_sme, e-smith-base-5_8_1-29_el7_sme, e-smith-base-5_8_1-12_el7_sme, e-smith-base-5_8_1-31_el7_sme, e-smith-base-5_8_1-28_el7_sme, e-smith-base-5_8_1-13_el7_sme, e-smith-base-5_8_1-21_el7_sme, e-smith-base-5_8_1-24_el7_sme, e-smith-base-5_8_1-7_el7_sme, e-smith-base-5_8_1-18_el7_sme, e-smith-base-5_8_1-6_el7_sme, e-smith-base-5_8_1-9_el7_sme, e-smith-base-5_8_1-10_el7_sme, e-smith-base-5_8_1-23_el7_sme, e-smith-base-5_8_1-17_el7_sme, e-smith-base-5_8_1-14_el7_sme, e-smith-base-5_8_1-11_el7_sme, e-smith-base-5_8_1-22_el7_sme, e-smith-base-5_8_1-15_el7_sme, e-smith-base-5_8_1-16_el7_sme, e-smith-base-5_8_1-19_el7_sme, e-smith-base-5_8_1-26_el7_sme, e-smith-base-5_8_1-25_el7_sme, e-smith-base-5_8_1-27_el7_sme, e-smith-base-5_8_1-20_el7_sme, e-smith-base-5_8_1-30_el7_sme, HEAD
* Tue Nov 23 2021 Jean-Philippe Pialasse <tests@pialasse.com> 5.8.1-5.sme
- support for elliptic curve certificate [SME: 11772]

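diff -Nur --no-dereference e-smith-base-5.8.1.old/createlinks e-smith-base-5.8.1/createlinks
--- e-smith-base-5.8.1.old/createlinks 2021-06-06 16:30:37.000000000 -0400
+++ e-smith-base-5.8.1/createlinks 2021-11-23 23:25:51.831000000 -0500
@@ -304,6 +304,10 @@
 event_link("remove-templates-custom", $event, "02");
 templates2events("/etc/smartd.conf", $event);
 templates2events("/home/e-smith/ssl.pem/pem", $event);
+templates2events("/etc/raddb/certs/radiusd.pem", $event);
+templates2events("/service/qpsmtpd/ssl/cert.pem", $event);
+templates2events("/etc/dovecot/ssl/imapd.pem", $event);
+templates2events("/etc/openldap/ssl/slapd.pem", $event);
 templates2events("/usr/lib/systemd/system/dhcpd.service.d/50koozali.conf", $event);
 event_link("fix-startup", $event, "05");
 event_link("rotate_timestamped_logfiles", $event, "05");
@@ -329,6 +333,13 @@
 safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/dhcpd");
 safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/rsyslog");
 safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/crond");
+# because of certs
+safe_symlink("reload", "root/etc/e-smith/events/$event/services2adjust/httpd-e-smith");
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/dovecot");
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/qpsmtpd");
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/sqpsmtpd");
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/radiusd");
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/ldap");
 
 #--------------------------------------------------
 # actions for console-save event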
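Review bot: The `# because of certs` comment in the second hunk does not tell a reader which certificate files these six service bounces are tied to, nor why httpd-e-smith gets `reload` while every other service gets `restart`. Since the first hunk of this file adds the radiusd, qpsmtpd, dovecot and slapd pem templates to the same `$event`, a comment such as `# the ssl pem templates expanded above feed these services; they must re-read the cert after it changes (httpd can do so on reload)` would make the coupling explicit, assuming that is indeed the reason for the asymmetry. The enclosing block that defines `$event` starts outside this hunk.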
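diff -Nur --no-dereference e-smith-base-5.8.1.old/root/usr/share/perl5/vendor_perl/esmith/ssl.pm e-smith-base-5.8.1/root/usr/share/perl5/vendor_perl/esmith/ssl.pm
--- e-smith-base-5.8.1.old/root/usr/share/perl5/vendor_perl/esmith/ssl.pm 2021-06-06 16:30:37.000000000 -0400
+++ e-smith-base-5.8.1/root/usr/share/perl5/vendor_perl/esmith/ssl.pm 2021-11-23 23:18:53.220000000 -0500
@@ -6,7 +6,7 @@
 
 
 our @ISA = qw(Exporter);
-our @EXPORT = qw( key_exists_good_size cert_exists_good_size cert_is_cert key_is_key related_key_cert);
+our @EXPORT = qw( key_exists_good_size cert_exists_good_size cert_is_cert key_is_key key_is_ec related_key_cert);
 
 my $configdb = esmith::ConfigDB->open_ro or die "Could not open accounts db";
 our $SystemName = $configdb->get('SystemName')->value;
@@ -51,7 +51,8 @@
 {
 #print "$key exists\n";
 # check key size openssl rsa -in /home/e-smith/ssl.key/$host.$domain.key -text -noout | sed -rn "s/Private-Key: \((.*) bit\)/\1/p"
- my $signatureKeySize = `openssl rsa -in $key -text -noout | grep "Private-Key" | head -1`;
+ my $algo = (key_is_ec($key)) ? 'ec' :'rsa';
+ my $signatureKeySize = `openssl $algo -in $key -text -noout | grep "Private-Key" | head -1`;
 chomp $signatureKeySize;
 $signatureKeySize =~ s/^ *Private-Key: \((.*) bit\)/$1/p;
 if ( $signatureKeySize == $KeySize ) {
@@ -122,6 +123,7 @@
 open my $oldout, ">&STDERR"; # "dup" the stdout filehandle
 close STDERR;
 my $exit_code=system("openssl","rsa", "-noout", "-in", "$key");
+ $exit_code=system("openssl","ec", "-noout", "-in", "$key") unless ($exit_code==0);
 open STDERR, '>&', $oldout; # restore the dup'ed filehandle to STDOUT
 if ($exit_code==0){
 #print "key is a key\n";
@@ -131,14 +133,31 @@
 return 0;
 }
 
+sub key_is_ec {
+ my $key = shift || "/home/e-smith/ssl.key/$FQDN.key";
+ if ( -f $key )
+ {
+ open my $oldout, ">&STDERR"; # "dup" the stdout filehandle
+ close STDERR;
+ my $exit_code=system("openssl","ec", "-noout", "-in", "$key");
+ if ($exit_code==0){
+ #print "key is a key\n";
+ return 1;
+ }
+ }
+ return 0;
+}
+
 sub related_key_cert {
 my $key = shift || "/home/e-smith/ssl.key/$FQDN.key";
 my $crt = shift || "/home/e-smith/ssl.crt/$FQDN.crt";
 if ( key_is_key($key) and cert_is_cert($crt) )
 {
 # check the cert and the key are related, if key has been changed, then we need to change the cert
- my $crt_md5 = `openssl x509 -noout -modulus -in $crt | openssl md5`;
- my $key_md5 = `openssl rsa -noout -modulus -in $key | openssl md5`;
+ #my $crt_md5 = `openssl x509 -noout -modulus -in $crt | openssl md5`;
+ #my $key_md5 = `openssl rsa -noout -modulus -in $key | openssl md5`;
+ my $crt_md5 = `openssl x509 -pubkey -noout -in $crt | openssl md5`;
+ my $key_md5 = `openssl pkey -pubout -in $key | openssl md5`;
 #print "$key_md5 eq $crt_md5\n";
 return 1 if $key_md5 eq $crt_md5;
 }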
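Review bot: The new key_is_ec dups and closes STDERR before the `openssl ec` probe but never reopens it, so any caller that reaches the `-f $key` branch (key_exists_good_size now calls it unconditionally) leaves the process with STDERR closed for the rest of its run, whereas key_is_key in the previous hunk restores it right after system(). Add `open STDERR, '>&', $oldout; # restore the dup'ed filehandle` directly after the `my $exit_code=system(...)` line, before the exit-code test, so it is restored on both return paths. Separately, the `$algo` branch in key_exists_good_size feeds an EC key's bit length into the unchanged `$signatureKeySize == $KeySize` comparison; if `$KeySize` holds an RSA-style length (its definition is outside the hunk), a valid EC key will always fail that size check, so it is worth confirming how the caller reacts to a false result there. The `#print "key is a key\n"` comment copied into key_is_ec would read better as `#print "key is an ec key\n"`.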
