rpms/freeradius
7
0
Fork 0
Code Issues Pull Requests Releases Activity

bootstrap: pass -noenc to cert generation on script as well

Browse Source 
Commit cb13e66776 added this change to
certificate Makefile, change it on base script as well for consistency.

Resolves: #2069224
Signed-off-by: Antonio Torres <antorres@redhat.com>
This commit is contained in:
Antonio Torres 2022-04-25 18:25:16 +02:00
parent cb13e66776
commit 9ac9146445
No known key found for this signature in database
GPG Key ID: 359FAF777296F653
2 changed files with 39 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
freeradius-bootstrap-pass-noenc-to-certificate-generation.patch
View File

@ -8,9 +8,13 @@ with FIPS enabled. By passing the -noenc option, we can skip the usage
of unsupported algorithms on these systems. of unsupported algorithms on these systems.
Signed-off-by: Antonio Torres <antorres@redhat.com> Signed-off-by: Antonio Torres <antorres@redhat.com>
[antorres@redhat.com]: patch adapted to work together with freeradius-bootstrap-create-only.patch.
In bootstrap diff, -f is changed to -e in conditionals.
--- ---
raddb/certs/Makefile | 8 ++++---- raddb/certs/Makefile | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-) raddb/certs/bootstrap | 6 +++---
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/raddb/certs/Makefile b/raddb/certs/Makefile diff --git a/raddb/certs/Makefile b/raddb/certs/Makefile
index 5cbfd467ce..df45884a55 100644 index 5cbfd467ce..df45884a55 100644
@ -52,6 +56,31 @@ index 5cbfd467ce..df45884a55 100644
chmod g+r inner-server.key chmod g+r inner-server.key
inner-server.crt: inner-server.csr ca.key ca.pem inner-server.crt: inner-server.csr ca.key ca.pem
-- diff --git a/raddb/certs/bootstrap b/raddb/certs/bootstrap
2.35.1 index 57de8cf0d7..c258ec45e0 100755
--- a/raddb/certs/bootstrap
+++ b/raddb/certs/bootstrap
@@ -41,12 +41,12 @@ if [ ! -f dh ]; then
fi
if [ ! -e server.key ]; then
- openssl req -new -out server.csr -keyout server.key -config ./server.cnf || exit 1
+ openssl req -new -out server.csr -keyout server.key -config ./server.cnf -noenc || exit 1
chmod g+r server.key
fi
if [ ! -e ca.key ]; then
- openssl req -new -x509 -keyout ca.key -out ca.pem -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf || exit 1
+ openssl req -new -x509 -keyout ca.key -out ca.pem -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf -noenc || exit 1
fi
if [ ! -e index.txt ]; then
@@ -77,7 +77,7 @@ if [ ! -f ca.der ]; then
fi
if [ ! -e client.key ]; then
- openssl req -new -out client.csr -keyout client.key -config ./client.cnf
+ openssl req -new -out client.csr -keyout client.key -config ./client.cnf -noenc
chmod g+r client.key
fi

6
freeradius.spec
View File

@ -1,7 +1,7 @@
Summary: High-performance and highly configurable free RADIUS server Summary: High-performance and highly configurable free RADIUS server
Name: freeradius Name: freeradius
Version: 3.0.21 Version: 3.0.21
Release: 27%{?dist} Release: 28%{?dist}
License: GPLv2+ and LGPLv2+ License: GPLv2+ and LGPLv2+
URL: http://www.freeradius.org/ URL: http://www.freeradius.org/
@ -857,6 +857,10 @@ exit 0
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
%changelog %changelog
* Mon Apr 25 2022 Antonio Torres <antorres@redhat.com> - 3.0.21-28
- bootstrap: pass -noenc to certificate generation, do it on script as well
Related: rhbz#2069224
* Fri Apr 22 2022 Antonio Torres <antorres@redhat.com> - 3.0.21-27 * Fri Apr 22 2022 Antonio Torres <antorres@redhat.com> - 3.0.21-27
- bootstrap: pass -noenc to certificate generation - bootstrap: pass -noenc to certificate generation
Related: rhbz#2069224 Related: rhbz#2069224