e-smith-base/sme9/e-smith-base-5.6.0_sha256_cert.patch

diff -ru e-smith-base-5.6.0.orig/root/etc/e-smith/templates/home/e-smith/ssl.crt e-smith-base-5.6.0/root/etc/e-smith/templates/home/e-smith/ssl.crt
--- e-smith-base-5.6.0.orig/root/etc/e-smith/templates/home/e-smith/ssl.crt     2015-08-18 14:57:14.472207000 -0400
+++ e-smith-base-5.6.0/root/etc/e-smith/templates/home/e-smith/ssl.crt  2015-08-24 11:52:08.967488000 -0400
@@ -38,7 +38,14 @@
             my $issuer = `openssl x509 -issuer -noout -in $crt`;
             chomp $issuer;
             $issuer =~ s/^issuer= //;
-            if ($issuer eq $expected_issuer)
+            my $signatureAlg = `openssl x509 -text -noout -in $crt | grep "Signature Algorithm" | head -1`;
+            chomp $signatureAlg;
+            $signatureAlg =~ s/^ *Signature Algorithm: //;
+
+            if (
+                        ($issuer eq $expected_issuer)
+                     && ($signatureAlg ne "sha1WithRSAEncryption")
+            )
            {
                # Old key file is still good. Read it out - processTemplate will work
                # out that it hasn't changed, and leave the old one in place
@@ -89,7 +96,7 @@
            exec("/usr/bin/openssl",
                qw(req -new -key),
                $key,
-               qw(-sha1 -x509 -days), KEYLIFEINDAYS,
+               qw(-sha256 -x509 -days), KEYLIFEINDAYS,
                qw(-set_serial), time(),
                )
                    || die "can't exec program: $!";
1	diff -ru e-smith-base-5.6.0.orig/root/etc/e-smith/templates/home/e-smith/ssl.crt e-smith-base-5.6.0/root/etc/e-smith/templates/home/e-smith/ssl.crt
2	--- e-smith-base-5.6.0.orig/root/etc/e-smith/templates/home/e-smith/ssl.crt 2015-08-18 14:57:14.472207000 -0400
3	+++ e-smith-base-5.6.0/root/etc/e-smith/templates/home/e-smith/ssl.crt 2015-08-24 11:52:08.967488000 -0400
4	@@ -38,7 +38,14 @@
5	my $issuer = `openssl x509 -issuer -noout -in $crt`;
6	chomp $issuer;
7	$issuer =~ s/^issuer= //;
8	- if ($issuer eq $expected_issuer)
9	+ my $signatureAlg = `openssl x509 -text -noout -in $crt \| grep "Signature Algorithm" \| head -1`;
10	+ chomp $signatureAlg;
11	+ $signatureAlg =~ s/^ *Signature Algorithm: //;
12	+
13	+ if (
14	+ ($issuer eq $expected_issuer)
15	+ && ($signatureAlg ne "sha1WithRSAEncryption")
16	+ )
17	{
18	# Old key file is still good. Read it out - processTemplate will work
19	# out that it hasn't changed, and leave the old one in place
20	@@ -89,7 +96,7 @@
21	exec("/usr/bin/openssl",
22	qw(req -new -key),
23	$key,
24	- qw(-sha1 -x509 -days), KEYLIFEINDAYS,
25	+ qw(-sha256 -x509 -days), KEYLIFEINDAYS,
26	qw(-set_serial), time(),
27	)
28	\|\| die "can't exec program: $!";