Add expanded openssl.conf to sources, use no location in certificate

Pavel Roskin 2017-01-22 22:05:34 -08:00
parent 74dabc2cd6
commit 703134b7c4
2 changed files with 48 additions and 2 deletions

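--- /dev/null
+++ b/openssl.conf
@@ -0,0 +1,46 @@
+[req]
+distinguished_name = req_distinguished_name
+# The extensions to add to the self signed cert
+x509_extensions = v3_ca
+# Run non-interactively
+prompt = no
+[req_distinguished_name]
+# Certificate subject
+#countryName = US
+#stateOrProvinceName = CA
+#localityName = Sunnyvale
+#organizationName = xrdp
+#organizationalUnitName =
+commonName = XRDP
+#emailAddress =
+[v3_ca]
+# Extensions for a typical CA - PKIX recommendation.
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always, issuer
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical, CA:true
+# So we do this instead.
+basicConstraints = CA:true
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+#keyUsage = cRLSign, keyCertSign
+# Some might want this also
+#nsCertType = sslCA, emailCA
+# Include email address in subject alt name: another PKIX recommendation
+#subjectAltName = email:copy
+# Copy issuer details
+#issuerAltName = issuer:copy
+# DER hex encoding of an extension: experts only!
+#obj = DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+#basicConstraints = critical, DER:30:03:01:01:FF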
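Review bot: `basicConstraints = CA:true` in `[v3_ca]` marks the generated certificate as a certificate authority, although the `openssl req -x509` call in the spec scriptlet uses this config to create the xrdp server's own TLS certificate. If a client imports that certificate as trusted to silence the self-signed warning, the holder of key.pem is then also trusted as an issuer for other names. For a server certificate I would set `basicConstraints = CA:false` and add `extendedKeyUsage = serverAuth`. Separately, the fixed `commonName = XRDP` with no `subjectAltName` gives every installation the same subject, so clients cannot match the certificate to the host they connect to.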


@ -10,6 +10,7 @@ Source0: https://github.com/neutrinolabs/xrdp/releases/download/v%{version}/xr
Source1: xrdp-sesman.pamd
Source2: xrdp.sysconfig
Source3: xrdp.logrotate
Source4: openssl.conf
Patch0: xrdp-0.9.1-sesman.patch
Patch1: xrdp-0.9.1-xrdp-ini.patch
Patch2: xrdp-0.9.1-service.patch
@ -71,7 +72,7 @@ echo '#!/bin/bash -l
%{__install} -Dp -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/xrdp
#install openssl.conf /etc/xrdp
%{__install} -Dp -m 644 keygen/openssl.conf %{buildroot}%{_sysconfdir}/xrdp/openssl.conf
%{__install} -Dp -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/xrdp/openssl.conf
#install log file /var/log/xrdp-sesman.log
%{__mkdir} -p %{buildroot}%{_localstatedir}/log/
@ -97,7 +98,6 @@ if [ ! -f %{_sysconfdir}/xrdp/cert.pem ]; then
openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 3652 \
-keyout %{_sysconfdir}/xrdp/key.pem \
-out %{_sysconfdir}/xrdp/cert.pem \
-subj /C=US/ST=CA/L=Sunnyvale/O=xrdp/CN=www.xrdp.org \
-config %{_sysconfdir}/xrdp/openssl.conf
fi
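Review bot: In the third hunk the scriptlet writes key.pem with `-nodes`, so the private key is stored unencrypted, and the `fi` follows the openssl command directly with nothing in between that sets the file's mode. Whether the key ends up readable by other users then depends on the OpenSSL version and the scriptlet's umask. I would run the command as `(umask 077; openssl req ...)` or add `chmod 600 %{_sysconfdir}/xrdp/key.pem` before the `fi`. The `if` block opens above the hunk and the scriptlet continues below it, so a later chmod outside the visible lines cannot be ruled out.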