aabbc9ad89
- fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used so the compatibility with unfixed clients is not broken. The protocol extension is also not final.
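diff -up openssl-1.0.0-beta4/apps/CA.pl.in.ca-dir openssl-1.0.0-beta4/apps/CA.pl.in
--- openssl-1.0.0-beta4/apps/CA.pl.in.ca-dir 2006-04-28 02:30:49.000000000 +0200
+++ openssl-1.0.0-beta4/apps/CA.pl.in 2009-11-12 12:33:13.000000000 +0100
@@ -53,7 +53,7 @@ $VERIFY="$openssl verify";
 $X509="$openssl x509";
 $PKCS12="$openssl pkcs12";
 
-$CATOP="./demoCA";
+$CATOP="/etc/pki/CA";
 $CAKEY="cakey.pem";
 $CAREQ="careq.pem";
 $CACERT="cacert.pem";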
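Review bot: The new `$CATOP="/etc/pki/CA";` is an unconditional assignment, while the CA.sh change in this same patch keeps its `if [ -z "$CATOP" ]` guard, so only the shell script lets a caller point at a different CA tree. With the default now a system directory instead of a path under the working directory, a test or unprivileged run of CA.pl presumably has no way to redirect it short of editing the script. Consider `$CATOP=$ENV{CATOP} || "/etc/pki/CA";` so both scripts behave alike. The run of assignments starts and ends outside the hunk.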
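diff -up openssl-1.0.0-beta4/apps/CA.sh.ca-dir openssl-1.0.0-beta4/apps/CA.sh
--- openssl-1.0.0-beta4/apps/CA.sh.ca-dir 2009-10-15 19:27:47.000000000 +0200
+++ openssl-1.0.0-beta4/apps/CA.sh 2009-11-12 12:35:14.000000000 +0100
@@ -68,7 +68,7 @@ VERIFY="$OPENSSL verify"
 X509="$OPENSSL x509"
 PKCS12="openssl pkcs12"
 
-if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi
+if [ -z "$CATOP" ] ; then CATOP=/etc/pki/CA ; fi
 CAKEY=./cakey.pem
 CAREQ=./careq.pem
 CACERT=./cacert.pem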
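diff -up openssl-1.0.0-beta4/apps/openssl.cnf.ca-dir openssl-1.0.0-beta4/apps/openssl.cnf
--- openssl-1.0.0-beta4/apps/openssl.cnf.ca-dir 2009-11-12 12:33:13.000000000 +0100
+++ openssl-1.0.0-beta4/apps/openssl.cnf 2009-11-12 12:33:13.000000000 +0100
@@ -39,7 +39,7 @@ default_ca = CA_default # The default c
 ####################################################################
 [ CA_default ]
 
-dir = ./demoCA # Where everything is kept
+dir = /etc/pki/CA # Where everything is kept
 certs = $dir/certs # Where the issued certs are kept
 crl_dir = $dir/crl # Where the issued crl are kept
 database = $dir/index.txt # database index file.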
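Review bot: The `dir = /etc/pki/CA` default repeats a path that this patch also hard-codes in CA.pl.in and CA.sh, and nothing on the line says the three must agree. Extend the trailing comment, for example `# Where everything is kept; keep in sync with CATOP in CA.pl and CA.sh`. Because every `$dir/...` entry below now resolves into a shared system tree instead of the caller's working directory, the comment could also state that the subdirectory holding the CA key is expected to be accessible to its owner only; the key setting itself is outside this hunk. The `[ CA_default ]` section continues past the last line shown.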