rpms/certmonger
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Rebase to upstream 0.79.14

Browse Source 
Resolves: #1969537
This commit is contained in:
Rob Crittenden 2021-06-21 11:29:09 -04:00
parent 15670d850d
commit 30316ac150
4 changed files with 7 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -130,3 +130,4 @@ certmonger-0.28.tar.gz
/certmonger-0.79.11.tar.gz /certmonger-0.79.11.tar.gz
/certmonger-0.79.12.tar.gz /certmonger-0.79.12.tar.gz
/certmonger-0.79.13.tar.gz /certmonger-0.79.13.tar.gz
/certmonger-0.79.14.tar.gz

38
0001-Fix-local-CA-to-work-under-FIPS.patch
View File

@ -1,38 +0,0 @@
From 62a6634867db5d9f79b613055b8788136d4cb41d Mon Sep 17 00:00:00 2001
From: Ade Lee <alee@redhat.com>
Date: Wed, 14 Apr 2021 15:34:48 -0400
Subject: [PATCH] Fix local CA to work under FIPS
The PKCS12 file used for the local CA fails to be created because
it uses default OpenSSL encryption algorithms that are disallowed
under FIPS. This patch simply updates the PKCS12_create() command
to use allowed encryption algorithms.
---
src/local.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/local.c b/src/local.c
index 92bea144..2f50ac77 100644
--- a/src/local.c
+++ b/src/local.c
@@ -39,6 +39,7 @@
#include <openssl/asn1.h>
#include <openssl/err.h>
+#include <openssl/obj_mac.h>
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
#include <openssl/rand.h>
@@ -372,7 +373,8 @@ get_signer_info(void *parent, char *localdir, X509 ***roots,
return CM_SUBMIT_STATUS_UNREACHABLE;
}
p12 = PKCS12_create(NULL, CONSTANTCN, *signer_key, *signer_cert,
- cas, 0, 0, 0, 0, 0);
+ cas, NID_aes_128_cbc, NID_aes_128_cbc,
+ 0, 0, 0);
if (p12 != NULL) {
if (!i2d_PKCS12_fp(fp, p12)) {
fclose(fp);
--
2.26.3

8
certmonger.spec
View File

@ -30,8 +30,8 @@
%bcond_with xmlrpc %bcond_with xmlrpc
Name: certmonger Name: certmonger
Version: 0.79.13 Version: 0.79.14
Release: 6%{?dist} Release: 1%{?dist}
Summary: Certificate status monitor and PKI enrollment client Summary: Certificate status monitor and PKI enrollment client
License: GPLv3+ License: GPLv3+
@ -39,7 +39,6 @@ URL: http://pagure.io/certmonger/
Source0: http://releases.pagure.org/certmonger/certmonger-%{version}.tar.gz Source0: http://releases.pagure.org/certmonger/certmonger-%{version}.tar.gz
#Source1: http://releases.pagure.org/certmonger/certmonger-%%{version}.tar.gz.sig #Source1: http://releases.pagure.org/certmonger/certmonger-%%{version}.tar.gz.sig
Patch0001: 0001-Fix-local-CA-to-work-under-FIPS.patch
Patch0002: 0002-candidate-openssl-3.0-compat-fixes.patch Patch0002: 0002-candidate-openssl-3.0-compat-fixes.patch
Patch0003: 0003-Temporarily-disable-the-csrgen-tests.patch Patch0003: 0003-Temporarily-disable-the-csrgen-tests.patch
@ -270,6 +269,9 @@ exit 0
%endif %endif
%changelog %changelog
* Thu Jun 17 2021 Rob Crittenden <rcritten@redhat.com> - 0.79.14-1
- Update to upstream 0.79.14 (#1969537)
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.79.13-6 * Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.79.13-6
- Rebuilt for RHEL 9 BETA for openssl 3.0 - Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065 Related: rhbz#1971065

2
sources
View File

@ -1 +1 @@
SHA512 (certmonger-0.79.13.tar.gz) = 4d7f8e1e001991886c4f5d999a906d3adb3900c3667c6a1c808f1f9baaf297693e0d85e25a0ff44e1c7a0eac9495ae346dd1bcd45e823582c9f18cab14ccdc9f SHA512 (certmonger-0.79.14.tar.gz) = 8eed1675fa5c79249993d96ad053f5414ff406f614860d0eaab3cd26d17291caaf192e8f308ba1317d85ebc021b7c2ab0d2a6b8c741b1b8e7796793f3dcceae3