Add expanded openssl.conf to sources, use no location in certificate
This commit is contained in:
Pavel Roskin
parent
74dabc2cd6
commit
703134b7c4
|
|
@ -0,0 +1,46 @@
|
|||
[req]
|
||||
distinguished_name = req_distinguished_name
|
||||
# The extensions to add to the self signed cert
|
||||
x509_extensions = v3_ca
|
||||
# Run non-interactively
|
||||
prompt = no
|
||||
|
||||
[req_distinguished_name]
|
||||
# Certificate subject
|
||||
#countryName = US
|
||||
#stateOrProvinceName = CA
|
||||
#localityName = Sunnyvale
|
||||
#organizationName = xrdp
|
||||
#organizationalUnitName =
|
||||
commonName = XRDP
|
||||
#emailAddress =
|
||||
|
||||
[v3_ca]
|
||||
# Extensions for a typical CA - PKIX recommendation.
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always, issuer
|
||||
|
||||
# This is what PKIX recommends but some broken software chokes on critical
|
||||
# extensions.
|
||||
#basicConstraints = critical, CA:true
|
||||
# So we do this instead.
|
||||
basicConstraints = CA:true
|
||||
|
||||
# Key usage: this is typical for a CA certificate. However since it will
|
||||
# prevent it being used as an test self-signed certificate it is best
|
||||
# left out by default.
|
||||
#keyUsage = cRLSign, keyCertSign
|
||||
|
||||
# Some might want this also
|
||||
#nsCertType = sslCA, emailCA
|
||||
|
||||
# Include email address in subject alt name: another PKIX recommendation
|
||||
#subjectAltName = email:copy
|
||||
# Copy issuer details
|
||||
#issuerAltName = issuer:copy
|
||||
|
||||
# DER hex encoding of an extension: experts only!
|
||||
#obj = DER:02:03
|
||||
# Where 'obj' is a standard or added object
|
||||
# You can even override a supported extension:
|
||||
#basicConstraints = critical, DER:30:03:01:01:FF
|
||||
|
|
@ -10,6 +10,7 @@ Source0: https://github.com/neutrinolabs/xrdp/releases/download/v%{version}/xr
|
|||
Source1: xrdp-sesman.pamd
|
||||
Source2: xrdp.sysconfig
|
||||
Source3: xrdp.logrotate
|
||||
Source4: openssl.conf
|
||||
Patch0: xrdp-0.9.1-sesman.patch
|
||||
Patch1: xrdp-0.9.1-xrdp-ini.patch
|
||||
Patch2: xrdp-0.9.1-service.patch
|
||||
|
|
@ -71,7 +72,7 @@ echo '#!/bin/bash -l
|
|||
%{__install} -Dp -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/xrdp
|
||||
|
||||
#install openssl.conf /etc/xrdp
|
||||
%{__install} -Dp -m 644 keygen/openssl.conf %{buildroot}%{_sysconfdir}/xrdp/openssl.conf
|
||||
%{__install} -Dp -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/xrdp/openssl.conf
|
||||
|
||||
#install log file /var/log/xrdp-sesman.log
|
||||
%{__mkdir} -p %{buildroot}%{_localstatedir}/log/
|
||||
|
|
@ -97,7 +98,6 @@ if [ ! -f %{_sysconfdir}/xrdp/cert.pem ]; then
|
|||
openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 3652 \
|
||||
-keyout %{_sysconfdir}/xrdp/key.pem \
|
||||
-out %{_sysconfdir}/xrdp/cert.pem \
|
||||
-subj /C=US/ST=CA/L=Sunnyvale/O=xrdp/CN=www.xrdp.org \
|
||||
-config %{_sysconfdir}/xrdp/openssl.conf
|
||||
fi
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue