Rebase to upstream 0.79.14

Resolves: #1969537
Rob Crittenden 2021-06-21 11:29:09 -04:00
parent 15670d850d
commit 30316ac150
4 changed files with 7 additions and 42 deletions

.gitignore vendored

@ -130,3 +130,4 @@ certmonger-0.28.tar.gz
/certmonger-0.79.11.tar.gz
/certmonger-0.79.12.tar.gz
/certmonger-0.79.13.tar.gz
/certmonger-0.79.14.tar.gz


@ -1,38 +0,0 @@
From 62a6634867db5d9f79b613055b8788136d4cb41d Mon Sep 17 00:00:00 2001
From: Ade Lee <alee@redhat.com>
Date: Wed, 14 Apr 2021 15:34:48 -0400
Subject: [PATCH] Fix local CA to work under FIPS
The PKCS12 file used for the local CA fails to be created because
it uses default OpenSSL encryption algorithms that are disallowed
under FIPS. This patch simply updates the PKCS12_create() command
to use allowed encryption algorithms.
---
src/local.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/local.c b/src/local.c
index 92bea144..2f50ac77 100644
--- a/src/local.c
+++ b/src/local.c
@@ -39,6 +39,7 @@
#include <openssl/asn1.h>
#include <openssl/err.h>
+#include <openssl/obj_mac.h>
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
#include <openssl/rand.h>
@@ -372,7 +373,8 @@ get_signer_info(void *parent, char *localdir, X509 ***roots,
return CM_SUBMIT_STATUS_UNREACHABLE;
}
p12 = PKCS12_create(NULL, CONSTANTCN, *signer_key, *signer_cert,
- cas, 0, 0, 0, 0, 0);
+ cas, NID_aes_128_cbc, NID_aes_128_cbc,
+ 0, 0, 0);
if (p12 != NULL) {
if (!i2d_PKCS12_fp(fp, p12)) {
fclose(fp);
--
2.26.3
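Review bot: Deleting this patch removes the packaged copy of the NID_aes_128_cbc arguments to PKCS12_create() in get_signer_info(), and nothing visible in this commit shows that the 0.79.14 tarball already carries them. Before merging, confirm that src/local.c in the new tarball contains that change together with the openssl/obj_mac.h include, and exercise the local CA on a FIPS-enabled host, since the patch description says the PKCS12 file fails to be created there without it.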


@ -30,8 +30,8 @@
%bcond_with xmlrpc
Name: certmonger
Version: 0.79.13
Release: 6%{?dist}
Version: 0.79.14
Release: 1%{?dist}
Summary: Certificate status monitor and PKI enrollment client
License: GPLv3+
@ -39,7 +39,6 @@ URL: http://pagure.io/certmonger/
Source0: http://releases.pagure.org/certmonger/certmonger-%{version}.tar.gz
#Source1: http://releases.pagure.org/certmonger/certmonger-%%{version}.tar.gz.sig
Patch0001: 0001-Fix-local-CA-to-work-under-FIPS.patch
Patch0002: 0002-candidate-openssl-3.0-compat-fixes.patch
Patch0003: 0003-Temporarily-disable-the-csrgen-tests.patch
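Review bot: The Source0 line in this hunk fetches the tarball over plain http and the Source1 line for the .tar.gz.sig is commented out, so the new 0.79.14 tarball is accepted with no upstream signature check. With the version changing in this commit, the only integrity control left is the SHA512 entry in the sources file; consider switching the URL and Source0 to https and re-enabling Source1 with a signature verification step in %prep if upstream publishes signatures for this release.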
@ -270,6 +269,9 @@ exit 0
%endif
%changelog
* Thu Jun 17 2021 Rob Crittenden <rcritten@redhat.com> - 0.79.14-1
- Update to upstream 0.79.14 (#1969537)
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.79.13-6
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
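Review bot: The new changelog entry says only "Update to upstream 0.79.14" and does not record that Patch0001 (0001-Fix-local-CA-to-work-under-FIPS.patch) was dropped in the same commit. Add a changelog line stating that the patch was removed and why, so that anyone tracing a FIPS local CA regression can find where the downstream fix went.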


@ -1 +1 @@
SHA512 (certmonger-0.79.13.tar.gz) = 4d7f8e1e001991886c4f5d999a906d3adb3900c3667c6a1c808f1f9baaf297693e0d85e25a0ff44e1c7a0eac9495ae346dd1bcd45e823582c9f18cab14ccdc9f
SHA512 (certmonger-0.79.14.tar.gz) = 8eed1675fa5c79249993d96ad053f5414ff406f614860d0eaab3cd26d17291caaf192e8f308ba1317d85ebc021b7c2ab0d2a6b8c741b1b8e7796793f3dcceae3