jonathan/openssl
1
0
Fork 0
forked from rpms/openssl
Code Pull Requests Activity

Provide empty evp_properties section in main OpenSSL configuration file

Browse Source 
Resolves: RHEL-11439
This commit is contained in:
Dmitry Belyavskiy 2023-10-17 12:56:38 +02:00
parent 223304543a
commit ec6d7cf272
3 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
0004-Override-default-paths-for-the-CA-directory-tree.patch
View File

@ -30,12 +30,17 @@ index c0afb96716..d6a5fabd16 100644
diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha16/apps/openssl.cnf
--- openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls 2021-07-06 13:41:39.204978272 +0200
+++ openssl-3.0.0-alpha16/apps/openssl.cnf 2021-07-06 13:49:50.362857683 +0200
@@ -53,6 +53,8 @@ tsa_policy3 = 1.2.3.4.5.7
@@ -53,6 +53,13 @@ tsa_policy3 = 1.2.3.4.5.7
[openssl_init]
providers = provider_sect
+# Load default TLS policy configuration
+ssl_conf = ssl_module
+alg_section = evp_properties
+
+[ evp_properties ]
+#This section is intentionally added empty here
+#to be tuned on particular systems
# List of providers to load
[provider_sect]

6
0024-load-legacy-prov.patch
View File

@ -1,7 +1,7 @@
diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.cnf
--- openssl-3.0.0/apps/openssl.cnf.legacy-prov 2021-09-09 12:06:40.895793297 +0200
+++ openssl-3.0.0/apps/openssl.cnf 2021-09-09 12:12:33.947482500 +0200
@@ -42,36 +42,29 @@ tsa_policy1 = 1.2.3.4.1
@@ -42,14 +42,6 @@ tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
@ -16,7 +16,9 @@ diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.c
[openssl_init]
providers = provider_sect
# Load default TLS policy configuration
ssl_conf = ssl_module
@@ -42,23 +42,24 @@ [ evp_properties ]
#This section is intentionally added empty here
#to be tuned on particular systems
-# List of providers to load
-[provider_sect]

2
openssl.spec
View File

@ -527,6 +527,8 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
Resolves: RHEL-5317
- Don't limit using SHA1 in KDFs in non-FIPS mode.
Resolves: RHEL-5295
- Provide empty evp_properties section in main OpenSSL configuration file
Resolves: RHEL-11439
* Wed Jul 12 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-24
- Make FIPS module configuration more crypto-policies friendly