bootstrap: pass -noenc to cert generation on script as well
Commit cb13e66776
added this change to
certificate Makefile, change it on base script as well for consistency.
Resolves: #2069224
Signed-off-by: Antonio Torres <antorres@redhat.com>
This commit is contained in:
parent
cb13e66776
commit
9ac9146445
@ -8,9 +8,13 @@ with FIPS enabled. By passing the -noenc option, we can skip the usage
|
||||
of unsupported algorithms on these systems.
|
||||
|
||||
Signed-off-by: Antonio Torres <antorres@redhat.com>
|
||||
|
||||
[antorres@redhat.com]: patch adapted to work together with freeradius-bootstrap-create-only.patch.
|
||||
In bootstrap diff, -f is changed to -e in conditionals.
|
||||
---
|
||||
raddb/certs/Makefile | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
raddb/certs/bootstrap | 6 +++---
|
||||
2 files changed, 7 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/raddb/certs/Makefile b/raddb/certs/Makefile
|
||||
index 5cbfd467ce..df45884a55 100644
|
||||
@ -52,6 +56,31 @@ index 5cbfd467ce..df45884a55 100644
|
||||
chmod g+r inner-server.key
|
||||
|
||||
inner-server.crt: inner-server.csr ca.key ca.pem
|
||||
--
|
||||
2.35.1
|
||||
diff --git a/raddb/certs/bootstrap b/raddb/certs/bootstrap
|
||||
index 57de8cf0d7..c258ec45e0 100755
|
||||
--- a/raddb/certs/bootstrap
|
||||
+++ b/raddb/certs/bootstrap
|
||||
@@ -41,12 +41,12 @@ if [ ! -f dh ]; then
|
||||
fi
|
||||
|
||||
if [ ! -e server.key ]; then
|
||||
- openssl req -new -out server.csr -keyout server.key -config ./server.cnf || exit 1
|
||||
+ openssl req -new -out server.csr -keyout server.key -config ./server.cnf -noenc || exit 1
|
||||
chmod g+r server.key
|
||||
fi
|
||||
|
||||
if [ ! -e ca.key ]; then
|
||||
- openssl req -new -x509 -keyout ca.key -out ca.pem -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf || exit 1
|
||||
+ openssl req -new -x509 -keyout ca.key -out ca.pem -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf -noenc || exit 1
|
||||
fi
|
||||
|
||||
if [ ! -e index.txt ]; then
|
||||
@@ -77,7 +77,7 @@ if [ ! -f ca.der ]; then
|
||||
fi
|
||||
|
||||
if [ ! -e client.key ]; then
|
||||
- openssl req -new -out client.csr -keyout client.key -config ./client.cnf
|
||||
+ openssl req -new -out client.csr -keyout client.key -config ./client.cnf -noenc
|
||||
chmod g+r client.key
|
||||
fi
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
Summary: High-performance and highly configurable free RADIUS server
|
||||
Name: freeradius
|
||||
Version: 3.0.21
|
||||
Release: 27%{?dist}
|
||||
Release: 28%{?dist}
|
||||
License: GPLv2+ and LGPLv2+
|
||||
URL: http://www.freeradius.org/
|
||||
|
||||
@ -857,6 +857,10 @@ exit 0
|
||||
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
|
||||
|
||||
%changelog
|
||||
* Mon Apr 25 2022 Antonio Torres <antorres@redhat.com> - 3.0.21-28
|
||||
- bootstrap: pass -noenc to certificate generation, do it on script as well
|
||||
Related: rhbz#2069224
|
||||
|
||||
* Fri Apr 22 2022 Antonio Torres <antorres@redhat.com> - 3.0.21-27
|
||||
- bootstrap: pass -noenc to certificate generation
|
||||
Related: rhbz#2069224
|
||||
|
Loading…
Reference in New Issue
Block a user