openssl/0004-Override-default-paths-for-the-CA-directory-tree.patch
Sahana Prasad 1eb7adc383 Adding changes to patch files from source-git sync
Signed-off-by: Sahana Prasad <sahana@redhat.com>
2023-07-31 10:04:55 +02:00

78 lines
2.3 KiB
Diff

From 7a65ee33793fa8a28c0dfc94e6872ce92f408b15 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 31 Jul 2023 09:41:27 +0200
Subject: [PATCH 04/35]
0004-Override-default-paths-for-the-CA-directory-tree.patch
Patch-name: 0004-Override-default-paths-for-the-CA-directory-tree.patch
Patch-id: 4
Patch-status: |
# Override default paths for the CA directory tree
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
apps/CA.pl.in | 2 +-
apps/openssl.cnf | 13 +++++++++++--
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/apps/CA.pl.in b/apps/CA.pl.in
index f029470005..729f104a7e 100644
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -29,7 +29,7 @@ my $X509 = "$openssl x509";
my $PKCS12 = "$openssl pkcs12";
# Default values for various configuration settings.
-my $CATOP = "./demoCA";
+my $CATOP = "/etc/pki/CA";
my $CAKEY = "cakey.pem";
my $CAREQ = "careq.pem";
my $CACERT = "cacert.pem";
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 8141ab20cd..3956235fda 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -52,6 +52,8 @@ tsa_policy3 = 1.2.3.4.5.7
[openssl_init]
providers = provider_sect
+# Load default TLS policy configuration
+ssl_conf = ssl_module
# List of providers to load
[provider_sect]
@@ -71,6 +73,13 @@ default = default_sect
[default_sect]
# activate = 1
+[ ssl_module ]
+
+system_default = crypto_policy
+
+[ crypto_policy ]
+
+.include = /etc/crypto-policies/back-ends/opensslcnf.config
####################################################################
[ ca ]
@@ -79,7 +88,7 @@ default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
-dir = ./demoCA # Where everything is kept
+dir = /etc/pki/CA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
@@ -311,7 +320,7 @@ default_tsa = tsa_config1 # the default TSA section
[ tsa_config1 ]
# These are used by the TSA reply generation only.
-dir = ./demoCA # TSA root directory
+dir = /etc/pki/CA # TSA root directory
serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate
--
2.41.0