1 |
charliebrady |
1.1 |
diff -ru e-smith-base-5.6.0.orig/root/etc/e-smith/templates/home/e-smith/ssl.crt e-smith-base-5.6.0/root/etc/e-smith/templates/home/e-smith/ssl.crt |
2 |
|
|
--- e-smith-base-5.6.0.orig/root/etc/e-smith/templates/home/e-smith/ssl.crt 2015-08-18 14:57:14.472207000 -0400 |
3 |
|
|
+++ e-smith-base-5.6.0/root/etc/e-smith/templates/home/e-smith/ssl.crt 2015-08-24 11:52:08.967488000 -0400 |
4 |
|
|
@@ -38,7 +38,14 @@ |
5 |
|
|
my $issuer = `openssl x509 -issuer -noout -in $crt`; |
6 |
|
|
chomp $issuer; |
7 |
|
|
$issuer =~ s/^issuer= //; |
8 |
|
|
- if ($issuer eq $expected_issuer) |
9 |
|
|
+ my $signatureAlg = `openssl x509 -text -noout -in $crt | grep "Signature Algorithm" | head -1`; |
10 |
|
|
+ chomp $signatureAlg; |
11 |
|
|
+ $signatureAlg =~ s/^ *Signature Algorithm: //; |
12 |
|
|
+ |
13 |
|
|
+ if ( |
14 |
|
|
+ ($issuer eq $expected_issuer) |
15 |
|
|
+ && ($signatureAlg eq "sha256WithRSAEncryption") |
16 |
|
|
+ ) |
17 |
|
|
{ |
18 |
|
|
# Old key file is still good. Read it out - processTemplate will work |
19 |
|
|
# out that it hasn't changed, and leave the old one in place |
20 |
|
|
@@ -89,7 +96,7 @@ |
21 |
|
|
exec("/usr/bin/openssl", |
22 |
|
|
qw(req -new -key), |
23 |
|
|
$key, |
24 |
|
|
- qw(-sha1 -x509 -days), KEYLIFEINDAYS, |
25 |
|
|
+ qw(-sha256 -x509 -days), KEYLIFEINDAYS, |
26 |
|
|
qw(-set_serial), time(), |
27 |
|
|
) |
28 |
|
|
|| die "can't exec program: $!"; |