1 |
stephdl |
1.1 |
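--- a/root/etc/e-smith/templates/home/e-smith/ssl.crt
+++ b/root/etc/e-smith/templates/home/e-smith/ssl.crt
@@ -38,7 +38,14 @@
 my $issuer = `openssl x509 -issuer -noout -in $crt`;
 chomp $issuer;
 $issuer =~ s/^issuer= //;
- if ($issuer eq $expected_issuer)
+ my $signatureAlg = `openssl x509 -text -noout -in $crt | grep "Signature Algorithm" | head -1`;
+ chomp $signatureAlg;
+ $signatureAlg =~ s/^ *Signature Algorithm: //;
+
+ if (
+ ($issuer eq $expected_issuer)
+ && ($signatureAlg ne "sha1WithRSAEncryption")
+ )
 {
 # Old key file is still good. Read it out - processTemplate will work
 # out that it hasn't changed, and leave the old one in place
@@ -89,7 +96,7 @@
 exec("/usr/bin/openssl",
 qw(req -new -key),
 $key,
- qw(-sha1 -x509 -days), KEYLIFEINDAYS,
+ qw(-sha256 -x509 -days), KEYLIFEINDAYS,
 qw(-set_serial), time(),
 )
 || die "can't exec program: $!";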
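Review bot: The new reuse test in the first hunk is a denylist: `$signatureAlg ne "sha1WithRSAEncryption"` forces regeneration only for that one string, so a certificate signed with another weak digest (an MD5-based one, for instance), or an empty `$signatureAlg` when the pipeline prints nothing, is still treated as "still good". Since the second hunk now always issues with `-sha256`, an allowlist would be tighter, for example `&& ($signatureAlg =~ /^sha(?:256|384|512)WithRSAEncryption$/)`, assuming the key stays RSA as the existing comparison implies. The backtick pipeline also interpolates `$crt` into a shell command and its exit status is never checked. `$crt` is set outside the hunk, so confirm it is a fixed path, or read the `openssl x509 -text` output in Perl and match the first `Signature Algorithm:` line there instead of piping through `grep` and `head`. The enclosing block starts and ends outside both hunks.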