forked from rpms/openssl
Provide empty evp_properties section in main OpenSSL configuration file
Resolves: RHEL-11439
This commit is contained in:
parent
223304543a
commit
ec6d7cf272
@ -30,12 +30,17 @@ index c0afb96716..d6a5fabd16 100644
|
|||||||
diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha16/apps/openssl.cnf
|
diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha16/apps/openssl.cnf
|
||||||
--- openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls 2021-07-06 13:41:39.204978272 +0200
|
--- openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls 2021-07-06 13:41:39.204978272 +0200
|
||||||
+++ openssl-3.0.0-alpha16/apps/openssl.cnf 2021-07-06 13:49:50.362857683 +0200
|
+++ openssl-3.0.0-alpha16/apps/openssl.cnf 2021-07-06 13:49:50.362857683 +0200
|
||||||
@@ -53,6 +53,8 @@ tsa_policy3 = 1.2.3.4.5.7
|
@@ -53,6 +53,13 @@ tsa_policy3 = 1.2.3.4.5.7
|
||||||
|
|
||||||
[openssl_init]
|
[openssl_init]
|
||||||
providers = provider_sect
|
providers = provider_sect
|
||||||
+# Load default TLS policy configuration
|
+# Load default TLS policy configuration
|
||||||
+ssl_conf = ssl_module
|
+ssl_conf = ssl_module
|
||||||
|
+alg_section = evp_properties
|
||||||
|
+
|
||||||
|
+[ evp_properties ]
|
||||||
|
+#This section is intentionally added empty here
|
||||||
|
+#to be tuned on particular systems
|
||||||
|
|
||||||
# List of providers to load
|
# List of providers to load
|
||||||
[provider_sect]
|
[provider_sect]
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.cnf
|
diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.cnf
|
||||||
--- openssl-3.0.0/apps/openssl.cnf.legacy-prov 2021-09-09 12:06:40.895793297 +0200
|
--- openssl-3.0.0/apps/openssl.cnf.legacy-prov 2021-09-09 12:06:40.895793297 +0200
|
||||||
+++ openssl-3.0.0/apps/openssl.cnf 2021-09-09 12:12:33.947482500 +0200
|
+++ openssl-3.0.0/apps/openssl.cnf 2021-09-09 12:12:33.947482500 +0200
|
||||||
@@ -42,36 +42,29 @@ tsa_policy1 = 1.2.3.4.1
|
@@ -42,14 +42,6 @@ tsa_policy1 = 1.2.3.4.1
|
||||||
tsa_policy2 = 1.2.3.4.5.6
|
tsa_policy2 = 1.2.3.4.5.6
|
||||||
tsa_policy3 = 1.2.3.4.5.7
|
tsa_policy3 = 1.2.3.4.5.7
|
||||||
|
|
||||||
@ -16,7 +16,9 @@ diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.c
|
|||||||
[openssl_init]
|
[openssl_init]
|
||||||
providers = provider_sect
|
providers = provider_sect
|
||||||
# Load default TLS policy configuration
|
# Load default TLS policy configuration
|
||||||
ssl_conf = ssl_module
|
@@ -42,23 +42,24 @@ [ evp_properties ]
|
||||||
|
#This section is intentionally added empty here
|
||||||
|
#to be tuned on particular systems
|
||||||
|
|
||||||
-# List of providers to load
|
-# List of providers to load
|
||||||
-[provider_sect]
|
-[provider_sect]
|
||||||
|
@ -527,6 +527,8 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
|
|||||||
Resolves: RHEL-5317
|
Resolves: RHEL-5317
|
||||||
- Don't limit using SHA1 in KDFs in non-FIPS mode.
|
- Don't limit using SHA1 in KDFs in non-FIPS mode.
|
||||||
Resolves: RHEL-5295
|
Resolves: RHEL-5295
|
||||||
|
- Provide empty evp_properties section in main OpenSSL configuration file
|
||||||
|
Resolves: RHEL-11439
|
||||||
|
|
||||||
* Wed Jul 12 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-24
|
* Wed Jul 12 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-24
|
||||||
- Make FIPS module configuration more crypto-policies friendly
|
- Make FIPS module configuration more crypto-policies friendly
|
||||||
|
Loading…
Reference in New Issue
Block a user