/[smeserver]/rpms/e-smith-base/sme9/e-smith-base-5.6.0_sha256_cert.patch
ViewVC logotype

Annotation of /rpms/e-smith-base/sme9/e-smith-base-5.6.0_sha256_cert.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Mon Aug 24 15:59:39 2015 UTC (9 years, 2 months ago) by charliebrady
Branch: MAIN
* Mon Aug 24 2015 Charlie Brady <charlie_brady@mitel.com> 5.6.0-23.sme
* Use sha256 algorithm for signature of SSL cert. [SME: 8607]

1 charliebrady 1.1 diff -ru e-smith-base-5.6.0.orig/root/etc/e-smith/templates/home/e-smith/ssl.crt e-smith-base-5.6.0/root/etc/e-smith/templates/home/e-smith/ssl.crt
2     --- e-smith-base-5.6.0.orig/root/etc/e-smith/templates/home/e-smith/ssl.crt 2015-08-18 14:57:14.472207000 -0400
3     +++ e-smith-base-5.6.0/root/etc/e-smith/templates/home/e-smith/ssl.crt 2015-08-24 11:52:08.967488000 -0400
4     @@ -38,7 +38,14 @@
5     my $issuer = `openssl x509 -issuer -noout -in $crt`;
6     chomp $issuer;
7     $issuer =~ s/^issuer= //;
8     - if ($issuer eq $expected_issuer)
9     + my $signatureAlg = `openssl x509 -text -noout -in $crt | grep "Signature Algorithm" | head -1`;
10     + chomp $signatureAlg;
11     + $signatureAlg =~ s/^ *Signature Algorithm: //;
12     +
13     + if (
14     + ($issuer eq $expected_issuer)
15     + && ($signatureAlg eq "sha256WithRSAEncryption")
16     + )
17     {
18     # Old key file is still good. Read it out - processTemplate will work
19     # out that it hasn't changed, and leave the old one in place
20     @@ -89,7 +96,7 @@
21     exec("/usr/bin/openssl",
22     qw(req -new -key),
23     $key,
24     - qw(-sha1 -x509 -days), KEYLIFEINDAYS,
25     + qw(-sha256 -x509 -days), KEYLIFEINDAYS,
26     qw(-set_serial), time(),
27     )
28     || die "can't exec program: $!";

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed