rpms/openssl
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

- added support for changing serial number to Makefile.certificate

Browse Source 
(#151188)
- make ca-bundle.crt a config file (#118903)
This commit is contained in:
Tomáš Mráz 2005-03-30 10:52:21 +00:00
parent 632ff532b1
commit c9c6ff6b15
2 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Makefile.certificate
View File

@ -1,4 +1,5 @@
UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8)
SERIAL=0
.PHONY: usage
.SUFFIXES: .key .csr .crt .pem
@ -19,6 +20,8 @@ usage:
@echo "To create a CSR for use with Apache, run \"make certreq\"."
@echo "To create a test certificate for use with Apache, run \"make testcert\"."
@echo
@echo "To create a test certificate with serial number other than zero, add SERIAL=num"
@echo
@echo Examples:
@echo " make server.key"
@echo " make server.csr"
@ -27,12 +30,15 @@ usage:
@echo " make genkey"
@echo " make certreq"
@echo " make testcert"
@echo " make server.crt SERIAL=1"
@echo " make stunnel.pem SERIAL=2"
@echo " make testcert SERIAL=3"
%.pem:
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req $(UTF8) -newkey rsa:1024 -keyout $$PEM1 -nodes -x509 -days 365 -out $$PEM2 ; \
/usr/bin/openssl req $(UTF8) -newkey rsa:1024 -keyout $$PEM1 -nodes -x509 -days 365 -out $$PEM2 -set_serial $(SERIAL) ; \
cat $$PEM1 > $@ ; \
echo "" >> $@ ; \
cat $$PEM2 >> $@ ; \
@ -48,7 +54,7 @@ usage:
%.crt: %.key
umask 77 ; \
/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days 365 -out $@
/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days 365 -out $@ -set_serial $(SERIAL)
KEY=/etc/httpd/conf/ssl.key/server.key
CSR=/etc/httpd/conf/ssl.csr/server.csr
@ -64,4 +70,4 @@ $(CSR): $(KEY)
$(CRT): $(KEY)
umask 77 ; \
/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days 365 -out $(CRT)
/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days 365 -out $(CRT) -set_serial $(SERIAL)

7
openssl.spec
View File

@ -345,6 +345,7 @@ popd
%{_datadir}/ssl/private
%config(noreplace) %{_datadir}/ssl/openssl.cnf
%config %{_datadir}/ssl/certs/ca-bundle.crt
%attr(0755,root,root) %{_bindir}/openssl
%attr(0755,root,root) /%{_lib}/*.so.%{version}
@ -381,11 +382,13 @@ popd
%changelog
* Wed Mar 30 2005 Tomas Mraz <trmaz@redhat.com> 0.9.7f-1
- reenable optimizations on ppc64
- enable assembly code on ia64
- reenable optimizations on ppc64 and assembly code on ia64
- upgrade to new upstream version (no soname bump needed)
- disable thread test - it was testing the backport of the
RSA blinding - no longer needed
- added support for changing serial number to
Makefile.certificate (#151188)
- make ca-bundle.crt a config file (#118903)
* Tue Mar 1 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7e-3
- libcrypto shouldn't depend on libkrb5 (#135961)