From 9ac9146445659e4319c3e228827e131a474079d1 Mon Sep 17 00:00:00 2001
From: Antonio Torres
Date: Mon, 25 Apr 2022 18:25:16 +0200
Subject: [PATCH] bootstrap: pass -noenc to cert generation on script as well
Commit cb13e6677690b6cf0ed0f6ee06d76839a568fb35 added this change to certificate Makefile, change it on base script as well for consistency.
Resolves: #2069224
Signed-off-by: Antonio Torres
---
 ...pass-noenc-to-certificate-generation.patch | 39 ++++++++++++++++---
 freeradius.spec | 6 ++-
 2 files changed, 39 insertions(+), 6 deletions(-)
diff --git a/freeradius-bootstrap-pass-noenc-to-certificate-generation.patch b/freeradius-bootstrap-pass-noenc-to-certificate-generation.patch
index 8e59f59..d053cd4 100644
--- a/freeradius-bootstrap-pass-noenc-to-certificate-generation.patch
+++ b/freeradius-bootstrap-pass-noenc-to-certificate-generation.patch
@@ -8,9 +8,13 @@ with FIPS enabled. By passing the -noenc option, we can skip the usage of unsupported algorithms on these systems.
 Signed-off-by: Antonio Torres
+
+[antorres@redhat.com]: patch adapted to work together with freeradius-bootstrap-create-only.patch.
+In bootstrap diff, -f is changed to -e in conditionals.
 ---
- raddb/certs/Makefile | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
+ raddb/certs/Makefile | 8 ++++----
+ raddb/certs/bootstrap | 6 +++---
+ 2 files changed, 7 insertions(+), 7 deletions(-)
 diff --git a/raddb/certs/Makefile b/raddb/certs/Makefile
 index 5cbfd467ce..df45884a55 100644
@@ -52,6 +56,31 @@ index 5cbfd467ce..df45884a55 100644
 chmod g+r inner-server.key
 inner-server.crt: inner-server.csr ca.key ca.pem
---
-2.35.1
-
+diff --git a/raddb/certs/bootstrap b/raddb/certs/bootstrap
+index 57de8cf0d7..c258ec45e0 100755
+--- a/raddb/certs/bootstrap
++++ b/raddb/certs/bootstrap
+@@ -41,12 +41,12 @@ if [ ! -f dh ]; then
+ fi
+
+ if [ ! -e server.key ]; then
+- openssl req -new -out server.csr -keyout server.key -config ./server.cnf || exit 1
++ openssl req -new -out server.csr -keyout server.key -config ./server.cnf -noenc || exit 1
+ chmod g+r server.key
+ fi
+
+ if [ ! -e ca.key ]; then
+- openssl req -new -x509 -keyout ca.key -out ca.pem -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf || exit 1
++ openssl req -new -x509 -keyout ca.key -out ca.pem -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf -noenc || exit 1
+ fi
+
+ if [ ! -e index.txt ]; then
+@@ -77,7 +77,7 @@ if [ ! -f ca.der ]; then
+ fi
+
+ if [ ! -e client.key ]; then
+- openssl req -new -out client.csr -keyout client.key -config ./client.cnf
++ openssl req -new -out client.csr -keyout client.key -config ./client.cnf -noenc
+ chmod g+r client.key
+ fi
+
diff --git a/freeradius.spec b/freeradius.spec
index d1c43c1..393bd6e 100644
--- a/freeradius.spec
+++ b/freeradius.spec
@@ -1,7 +1,7 @@
 Summary: High-performance and highly configurable free RADIUS server
 Name: freeradius
 Version: 3.0.21
-Release: 27%{?dist}
+Release: 28%{?dist}
 License: GPLv2+ and LGPLv2+
 URL: http://www.freeradius.org/
@@ -857,6 +857,10 @@ exit 0
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
 %changelog
+* Mon Apr 25 2022 Antonio Torres - 3.0.21-28
+- bootstrap: pass -noenc to certificate generation, do it on script as well
+ Related: rhbz#2069224
+
 * Fri Apr 22 2022 Antonio Torres - 3.0.21-27
 - bootstrap: pass -noenc to certificate generation
 Related: rhbz#2069224
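Review bot: In the raddb/certs/bootstrap diff added by this hunk, `-noenc` leaves server.key, ca.key and client.key unencrypted on disk, so file permissions become their only protection, and the ca.key branch sets none after `openssl req` (the other two run `chmod g+r`). The mode ca.key ends up with therefore depends on the OpenSSL build and the umask; if the radiusd group has no need for the CA key, a line such as `chmod go-rwx ca.key` after the request would pin it. The client.key request is also the only one of the three without `|| exit 1`, so a failed `openssl req` falls through to `chmod g+r client.key`; `openssl req -new -out client.csr -keyout client.key -config ./client.cnf -noenc || exit 1` would match the others. As far as I know `-noenc` is only accepted from OpenSSL 3.0 on, which makes that missing exit more likely to matter if the script ever runs against an older build.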