- added support for changing serial number to Makefile.certificate
(#151188) - make ca-bundle.crt a config file (#118903)
This commit is contained in:
Tomáš Mráz
parent
632ff532b1
commit
c9c6ff6b15
|
|
@ -1,4 +1,5 @@
|
|||
UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8)
|
||||
SERIAL=0
|
||||
|
||||
.PHONY: usage
|
||||
.SUFFIXES: .key .csr .crt .pem
|
||||
|
|
@ -19,6 +20,8 @@ usage:
|
|||
@echo "To create a CSR for use with Apache, run \"make certreq\"."
|
||||
@echo "To create a test certificate for use with Apache, run \"make testcert\"."
|
||||
@echo
|
||||
@echo "To create a test certificate with serial number other than zero, add SERIAL=num"
|
||||
@echo
|
||||
@echo Examples:
|
||||
@echo " make server.key"
|
||||
@echo " make server.csr"
|
||||
|
|
@ -27,12 +30,15 @@ usage:
|
|||
@echo " make genkey"
|
||||
@echo " make certreq"
|
||||
@echo " make testcert"
|
||||
@echo " make server.crt SERIAL=1"
|
||||
@echo " make stunnel.pem SERIAL=2"
|
||||
@echo " make testcert SERIAL=3"
|
||||
|
||||
%.pem:
|
||||
umask 77 ; \
|
||||
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
|
||||
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
|
||||
/usr/bin/openssl req $(UTF8) -newkey rsa:1024 -keyout $$PEM1 -nodes -x509 -days 365 -out $$PEM2 ; \
|
||||
/usr/bin/openssl req $(UTF8) -newkey rsa:1024 -keyout $$PEM1 -nodes -x509 -days 365 -out $$PEM2 -set_serial $(SERIAL) ; \
|
||||
cat $$PEM1 > $@ ; \
|
||||
echo "" >> $@ ; \
|
||||
cat $$PEM2 >> $@ ; \
|
||||
|
|
@ -48,7 +54,7 @@ usage:
|
|||
|
||||
%.crt: %.key
|
||||
umask 77 ; \
|
||||
/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days 365 -out $@
|
||||
/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days 365 -out $@ -set_serial $(SERIAL)
|
||||
|
||||
KEY=/etc/httpd/conf/ssl.key/server.key
|
||||
CSR=/etc/httpd/conf/ssl.csr/server.csr
|
||||
|
|
@ -64,4 +70,4 @@ $(CSR): $(KEY)
|
|||
|
||||
$(CRT): $(KEY)
|
||||
umask 77 ; \
|
||||
/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days 365 -out $(CRT)
|
||||
/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days 365 -out $(CRT) -set_serial $(SERIAL)
|
||||
|
|
|
|||
|
|
@ -345,6 +345,7 @@ popd
|
|||
%{_datadir}/ssl/private
|
||||
|
||||
%config(noreplace) %{_datadir}/ssl/openssl.cnf
|
||||
%config %{_datadir}/ssl/certs/ca-bundle.crt
|
||||
|
||||
%attr(0755,root,root) %{_bindir}/openssl
|
||||
%attr(0755,root,root) /%{_lib}/*.so.%{version}
|
||||
|
|
@ -381,11 +382,13 @@ popd
|
|||
|
||||
%changelog
|
||||
* Wed Mar 30 2005 Tomas Mraz <trmaz@redhat.com> 0.9.7f-1
|
||||
- reenable optimizations on ppc64
|
||||
- enable assembly code on ia64
|
||||
- reenable optimizations on ppc64 and assembly code on ia64
|
||||
- upgrade to new upstream version (no soname bump needed)
|
||||
- disable thread test - it was testing the backport of the
|
||||
RSA blinding - no longer needed
|
||||
- added support for changing serial number to
|
||||
Makefile.certificate (#151188)
|
||||
- make ca-bundle.crt a config file (#118903)
|
||||
|
||||
* Tue Mar 1 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7e-3
|
||||
- libcrypto shouldn't depend on libkrb5 (#135961)
|
||||
|
|
|
|||
Loading…
Reference in New Issue