6155daa274
- Patch to fix NSS handling of keys in sqlite databases - Patches to fix tests now that sqlite is the NSS default. Also fix building in rawhide due to packaging changes - Remove BR on mktemp. It is now provided by coreutils.
53 lines
1.9 KiB
Diff
53 lines
1.9 KiB
Diff
From f1b7eeceef117606c060f61542754f5556739469 Mon Sep 17 00:00:00 2001
|
|
From: Rob Crittenden <rcritten@redhat.com>
|
|
Date: Tue, 9 Jan 2018 22:13:49 -0500
|
|
Subject: [PATCH 2/6] SQLite databases require a password to modify trust and
|
|
to sign
|
|
|
|
This affects certutil -M and cmsutil -S. Need to add -f pinfile.
|
|
|
|
https://pagure.io/certmonger/issue/88
|
|
---
|
|
tests/030-rekey/run.sh | 16 ++++++++--------
|
|
1 file changed, 8 insertions(+), 8 deletions(-)
|
|
|
|
diff --git a/tests/030-rekey/run.sh b/tests/030-rekey/run.sh
|
|
index 9b50da4a..07fea683 100755
|
|
--- a/tests/030-rekey/run.sh
|
|
+++ b/tests/030-rekey/run.sh
|
|
@@ -140,11 +140,11 @@ for preserve in 1 0 ; do
|
|
|
|
echo "This is the plaintext." > plain.txt
|
|
echo "NSS Signing:"
|
|
- certutil -M -d $tmpdir -n i$size -t P,P,P
|
|
- cmsutil -S -d $tmpdir -f pinfile -N i$size -i plain.txt -o signed
|
|
+ certutil -M -d $tmpdir -n i$size -t P,P,P -f pinfile
|
|
+ cmsutil -S -d $tmpdir -f pinfile -N i$size -i plain.txt -o signed -f pinfile
|
|
echo "NSS Verify:"
|
|
- cmsutil -D -d $tmpdir -f pinfile -i signed
|
|
- certutil -M -d $tmpdir -n i$size -t ,,
|
|
+ cmsutil -D -d $tmpdir -f pinfile -i signed -f pinfile
|
|
+ certutil -M -d $tmpdir -n i$size -t ,, -f pinfile
|
|
|
|
# Go and save the new certs and keys (NSS).
|
|
echo '(saving)'
|
|
@@ -163,11 +163,11 @@ for preserve in 1 0 ; do
|
|
|
|
echo "This is the plaintext." > plain.txt
|
|
echo "NSS Signing:"
|
|
- certutil -M -d $tmpdir -n i$size -t P,P,P
|
|
- cmsutil -S -d $tmpdir -f pinfile -N i$size -i plain.txt -o signed
|
|
+ certutil -M -d $tmpdir -n i$size -t P,P,P -f pinfile
|
|
+ cmsutil -S -d $tmpdir -f pinfile -N i$size -i plain.txt -o signed -f pinfile
|
|
echo "NSS Verify:"
|
|
- cmsutil -D -d $tmpdir -f pinfile -i signed
|
|
- certutil -M -d $tmpdir -n i$size -t ,,
|
|
+ cmsutil -D -d $tmpdir -f pinfile -i signed -f pinfile
|
|
+ certutil -M -d $tmpdir -n i$size -t ,, -f pinfile
|
|
|
|
# Now generate new keys, CSRs, and certificates (OpenSSL).
|
|
echo "PEM keys before re-keygen (preserve=$preserve,pin=\"$pin\"):"
|
|
--
|
|
2.15.1
|
|
|