Makefile.certificate should not set serial to 0 by default

Tomas Mraz 2015-12-04 14:36:15 +01:00
parent 4240ecaa1b
commit 6536aa4c73
2 changed files with 20 additions and 8 deletions


@ -1,8 +1,11 @@
UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8) UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8)
SERIAL=0
DAYS=365 DAYS=365
KEYLEN=2048 KEYLEN=2048
TYPE=rsa:$(KEYLEN) TYPE=rsa:$(KEYLEN)
EXTRA_FLAGS=
ifdef SERIAL
EXTRA_FLAGS+=-set_serial $(SERIAL)
endif
.PHONY: usage .PHONY: usage
.SUFFIXES: .key .csr .crt .pem .SUFFIXES: .key .csr .crt .pem
@ -23,8 +26,9 @@ usage:
@echo "To create a CSR for use with Apache, run \"make certreq\"." @echo "To create a CSR for use with Apache, run \"make certreq\"."
@echo "To create a test certificate for use with Apache, run \"make testcert\"." @echo "To create a test certificate for use with Apache, run \"make testcert\"."
@echo @echo
@echo "To create a test certificate with serial number other than zero, add SERIAL=num" @echo "To create a test certificate with serial number other than random, add SERIAL=num"
@echo "You can also specify key length with KEYLEN=n and expiration in days with DAYS=n" @echo "You can also specify key length with KEYLEN=n and expiration in days with DAYS=n"
@echo "Any additional options can be passed to openssl req via EXTRA_FLAGS"
@echo @echo
@echo Examples: @echo Examples:
@echo " make server.key" @echo " make server.key"
@ -35,14 +39,14 @@ usage:
@echo " make certreq" @echo " make certreq"
@echo " make testcert" @echo " make testcert"
@echo " make server.crt SERIAL=1" @echo " make server.crt SERIAL=1"
@echo " make stunnel.pem SERIAL=2" @echo " make stunnel.pem EXTRA_FLAGS=-sha384"
@echo " make testcert SERIAL=3" @echo " make testcert DAYS=600"
%.pem: %.pem:
umask 77 ; \ umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \ PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \ PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 -set_serial $(SERIAL) ; \ /usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 $(EXTRA_FLAGS) ; \
cat $$PEM1 > $@ ; \ cat $$PEM1 > $@ ; \
echo "" >> $@ ; \ echo "" >> $@ ; \
cat $$PEM2 >> $@ ; \ cat $$PEM2 >> $@ ; \
@ -58,7 +62,7 @@ usage:
%.crt: %.key %.crt: %.key
umask 77 ; \ umask 77 ; \
/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ -set_serial $(SERIAL) /usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ $(EXTRA_FLAGS)
TLSROOT=/etc/pki/tls TLSROOT=/etc/pki/tls
KEY=$(TLSROOT)/private/localhost.key KEY=$(TLSROOT)/private/localhost.key
@ -75,4 +79,4 @@ $(CSR): $(KEY)
$(CRT): $(KEY) $(CRT): $(KEY)
umask 77 ; \ umask 77 ; \
/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) -set_serial $(SERIAL) /usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) $(EXTRA_FLAGS)
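Review bot: The new `EXTRA_FLAGS+=-set_serial $(SERIAL)` under `ifdef SERIAL` is an ordinary makefile assignment, so GNU make ignores it whenever EXTRA_FLAGS is also given on the command line, which the new usage text invites (`make stunnel.pem EXTRA_FLAGS=-sha384`). A run such as `make server.crt SERIAL=1 EXTRA_FLAGS=-sha384` would then produce a certificate without the requested serial and without any warning. Keeping the serial in its own variable avoids the clash: `SERIAL_FLAGS=-set_serial $(SERIAL)` inside the `ifdef`, and `$(SERIAL_FLAGS) $(EXTRA_FLAGS)` in the `%.pem`, `%.crt` and `$(CRT)` recipes; `override EXTRA_FLAGS+=-set_serial $(SERIAL)` is the smaller alternative. `ifdef SERIAL` also fires on a SERIAL inherited from the environment, which a short comment next to it could point out.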


@ -227,6 +227,9 @@ if ! echo %{_target} | grep -q i686 ; then
sslflags="no-asm 386" sslflags="no-asm 386"
fi fi
%endif %endif
%ifarch x86_64
sslflags=enable-ec_nistp_64_gcc_128
%endif
%ifarch sparcv9 %ifarch sparcv9
sslarch=linux-sparcv9 sslarch=linux-sparcv9
sslflags=no-asm sslflags=no-asm
@ -243,21 +246,25 @@ sslarch="linux-generic32 -DB_ENDIAN"
%endif %endif
%ifarch s390x %ifarch s390x
sslarch="linux64-s390x" sslarch="linux64-s390x"
sslflags=enable-ec_nistp_64_gcc_128
%endif %endif
%ifarch %{arm} %ifarch %{arm}
sslarch=linux-armv4 sslarch=linux-armv4
%endif %endif
%ifarch aarch64 %ifarch aarch64
sslarch=linux-aarch64 sslarch=linux-aarch64
sslflags=enable-ec_nistp_64_gcc_128
%endif %endif
%ifarch sh3 sh4 %ifarch sh3 sh4
sslarch=linux-generic32 sslarch=linux-generic32
%endif %endif
%ifarch ppc64 ppc64p7 %ifarch ppc64 ppc64p7
sslarch=linux-ppc64 sslarch=linux-ppc64
sslflags=enable-ec_nistp_64_gcc_128
%endif %endif
%ifarch ppc64le %ifarch ppc64le
sslarch="linux-ppc64le" sslarch="linux-ppc64le"
sslflags=enable-ec_nistp_64_gcc_128
%endif %endif
# ia64, x86_64, ppc are OK by default # ia64, x86_64, ppc are OK by default
@ -268,7 +275,7 @@ sslarch="linux-ppc64le"
--prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
--system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \ --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \ zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
enable-cms enable-md2 enable-ec_nistp_64_gcc_128 \ enable-cms enable-md2 \
no-mdc2 no-rc5 no-ec2m no-gost no-srp \ no-mdc2 no-rc5 no-ec2m no-gost no-srp \
--with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \ --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \
--with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips} --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}
@ -488,6 +495,7 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
- enable fast assembler implementation for NIST P-256 and P-521 - enable fast assembler implementation for NIST P-256 and P-521
elliptic curves (#1164210) elliptic curves (#1164210)
- filter out unwanted link options from the .pc files (#1257836) - filter out unwanted link options from the .pc files (#1257836)
- do not set serial to 0 in Makefile.certificate (#1135719)
* Mon Nov 16 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.2d-3 * Mon Nov 16 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.2d-3
- fix sigill on some AMD CPUs (#1278194) - fix sigill on some AMD CPUs (#1278194)
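Review bot: `sslflags=enable-ec_nistp_64_gcc_128` is now set in the `%ifarch s390x` and `%ifarch ppc64 ppc64p7` blocks, which are big-endian targets, while OpenSSL's install notes (at least in later releases) describe this option as supported only on little-endian 64-bit platforms whose compiler provides `__uint128_t`. It is worth confirming that the EC tests from the OpenSSL test suite pass on those two arches before relying on the optimised curve code there. The move of the flag from the common configure line into per-arch `sslflags=` assignments is not mentioned in the commit title or the changelog entry, and each assignment replaces any earlier `sslflags` value rather than appending to it. A comment above the x86_64 block, such as `# ec_nistp_64_gcc_128 needs a 64-bit target with __int128, so enable it per arch`, would record the reason. The existing `# ia64, x86_64, ppc are OK by default` comment is now partly stale, because x86_64 has its own block.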