Rob Crittenden
parent
15670d850d
commit
30316ac150
|
|
@ -130,3 +130,4 @@ certmonger-0.28.tar.gz
|
|||
/certmonger-0.79.11.tar.gz
|
||||
/certmonger-0.79.12.tar.gz
|
||||
/certmonger-0.79.13.tar.gz
|
||||
/certmonger-0.79.14.tar.gz
|
||||
|
|
|
|||
|
|
@ -1,38 +0,0 @@
|
|||
From 62a6634867db5d9f79b613055b8788136d4cb41d Mon Sep 17 00:00:00 2001
|
||||
From: Ade Lee <alee@redhat.com>
|
||||
Date: Wed, 14 Apr 2021 15:34:48 -0400
|
||||
Subject: [PATCH] Fix local CA to work under FIPS
|
||||
|
||||
The PKCS12 file used for the local CA fails to be created because
|
||||
it uses default OpenSSL encryption algorithms that are disallowed
|
||||
under FIPS. This patch simply updates the PKCS12_create() command
|
||||
to use allowed encryption algorithms.
|
||||
---
|
||||
src/local.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/local.c b/src/local.c
|
||||
index 92bea144..2f50ac77 100644
|
||||
--- a/src/local.c
|
||||
+++ b/src/local.c
|
||||
@@ -39,6 +39,7 @@
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
#include <openssl/err.h>
|
||||
+#include <openssl/obj_mac.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/pkcs12.h>
|
||||
#include <openssl/rand.h>
|
||||
@@ -372,7 +373,8 @@ get_signer_info(void *parent, char *localdir, X509 ***roots,
|
||||
return CM_SUBMIT_STATUS_UNREACHABLE;
|
||||
}
|
||||
p12 = PKCS12_create(NULL, CONSTANTCN, *signer_key, *signer_cert,
|
||||
- cas, 0, 0, 0, 0, 0);
|
||||
+ cas, NID_aes_128_cbc, NID_aes_128_cbc,
|
||||
+ 0, 0, 0);
|
||||
if (p12 != NULL) {
|
||||
if (!i2d_PKCS12_fp(fp, p12)) {
|
||||
fclose(fp);
|
||||
--
|
||||
2.26.3
|
||||
|
||||
|
|
@ -30,8 +30,8 @@
|
|||
%bcond_with xmlrpc
|
||||
|
||||
Name: certmonger
|
||||
Version: 0.79.13
|
||||
Release: 6%{?dist}
|
||||
Version: 0.79.14
|
||||
Release: 1%{?dist}
|
||||
Summary: Certificate status monitor and PKI enrollment client
|
||||
|
||||
License: GPLv3+
|
||||
|
|
@ -39,7 +39,6 @@ URL: http://pagure.io/certmonger/
|
|||
Source0: http://releases.pagure.org/certmonger/certmonger-%{version}.tar.gz
|
||||
#Source1: http://releases.pagure.org/certmonger/certmonger-%%{version}.tar.gz.sig
|
||||
|
||||
Patch0001: 0001-Fix-local-CA-to-work-under-FIPS.patch
|
||||
Patch0002: 0002-candidate-openssl-3.0-compat-fixes.patch
|
||||
Patch0003: 0003-Temporarily-disable-the-csrgen-tests.patch
|
||||
|
||||
|
|
@ -270,6 +269,9 @@ exit 0
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Jun 17 2021 Rob Crittenden <rcritten@redhat.com> - 0.79.14-1
|
||||
- Update to upstream 0.79.14 (#1969537)
|
||||
|
||||
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.79.13-6
|
||||
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
||||
Related: rhbz#1971065
|
||||
|
|
|
|||
2
sources
2
sources
|
|
@ -1 +1 @@
|
|||
SHA512 (certmonger-0.79.13.tar.gz) = 4d7f8e1e001991886c4f5d999a906d3adb3900c3667c6a1c808f1f9baaf297693e0d85e25a0ff44e1c7a0eac9495ae346dd1bcd45e823582c9f18cab14ccdc9f
|
||||
SHA512 (certmonger-0.79.14.tar.gz) = 8eed1675fa5c79249993d96ad053f5414ff406f614860d0eaab3cd26d17291caaf192e8f308ba1317d85ebc021b7c2ab0d2a6b8c741b1b8e7796793f3dcceae3
|
||||
|
|
|
|||
Loading…
Reference in New Issue