import certmonger-0.79.13-3.el8
This commit is contained in:
CentOS Sources
Stepan Oksanichenko
parent
d6a76863b2
commit
b05c406b1d
38
SOURCES/0003-Fix-local-CA-to-work-under-FIPS.patch
Normal file
38
SOURCES/0003-Fix-local-CA-to-work-under-FIPS.patch
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
From 62a6634867db5d9f79b613055b8788136d4cb41d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ade Lee <alee@redhat.com>
|
||||||
|
Date: Wed, 14 Apr 2021 15:34:48 -0400
|
||||||
|
Subject: [PATCH] Fix local CA to work under FIPS
|
||||||
|
|
||||||
|
The PKCS12 file used for the local CA fails to be created because
|
||||||
|
it uses default OpenSSL encryption algorithms that are disallowed
|
||||||
|
under FIPS. This patch simply updates the PKCS12_create() command
|
||||||
|
to use allowed encryption algorithms.
|
||||||
|
---
|
||||||
|
src/local.c | 4 +++-
|
||||||
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/local.c b/src/local.c
|
||||||
|
index 92bea144..2f50ac77 100644
|
||||||
|
--- a/src/local.c
|
||||||
|
+++ b/src/local.c
|
||||||
|
@@ -39,6 +39,7 @@
|
||||||
|
|
||||||
|
#include <openssl/asn1.h>
|
||||||
|
#include <openssl/err.h>
|
||||||
|
+#include <openssl/obj_mac.h>
|
||||||
|
#include <openssl/pem.h>
|
||||||
|
#include <openssl/pkcs12.h>
|
||||||
|
#include <openssl/rand.h>
|
||||||
|
@@ -372,7 +373,8 @@ get_signer_info(void *parent, char *localdir, X509 ***roots,
|
||||||
|
return CM_SUBMIT_STATUS_UNREACHABLE;
|
||||||
|
}
|
||||||
|
p12 = PKCS12_create(NULL, CONSTANTCN, *signer_key, *signer_cert,
|
||||||
|
- cas, 0, 0, 0, 0, 0);
|
||||||
|
+ cas, NID_aes_128_cbc, NID_aes_128_cbc,
|
||||||
|
+ 0, 0, 0);
|
||||||
|
if (p12 != NULL) {
|
||||||
|
if (!i2d_PKCS12_fp(fp, p12)) {
|
||||||
|
fclose(fp);
|
||||||
|
--
|
||||||
|
2.26.3
|
||||||
|
|
||||||
@ -11,7 +11,7 @@
|
|||||||
|
|
||||||
Name: certmonger
|
Name: certmonger
|
||||||
Version: 0.79.13
|
Version: 0.79.13
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
Summary: Certificate status monitor and PKI enrollment client
|
Summary: Certificate status monitor and PKI enrollment client
|
||||||
|
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
@ -21,6 +21,7 @@ Source0: http://releases.pagure.org/certmonger/certmonger-%{version}.tar.gz
|
|||||||
|
|
||||||
Patch0001: 0001-Don-t-run-the-002-keygen-tests-when-root.patch
|
Patch0001: 0001-Don-t-run-the-002-keygen-tests-when-root.patch
|
||||||
Patch0002: 0002-Revert-Remove-the-certmaster-CA-from-the-028-dbus-te.patch
|
Patch0002: 0002-Revert-Remove-the-certmaster-CA-from-the-028-dbus-te.patch
|
||||||
|
Patch0003: 0003-Fix-local-CA-to-work-under-FIPS.patch
|
||||||
|
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
@ -235,6 +236,9 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Apr 28 2021 Rob Crittenden <rcritten@redhat.com> - 0.79.13-3
|
||||||
|
- Fix local CA to work under FIPS (#1950132)
|
||||||
|
|
||||||
* Tue Nov 10 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.13-2
|
* Tue Nov 10 2020 Rob Crittenden <rcritten@redhat.com> - 0.79.13-2
|
||||||
- Rebuild with xmlrpc-c support enabled (#1687698)
|
- Rebuild with xmlrpc-c support enabled (#1687698)
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user