bootstrap: pass -noenc to cert generation on script as well

Commit cb13e66776 added this change to
certificate Makefile, change it on base script as well for consistency.

Resolves: #2069224
Signed-off-by: Antonio Torres <antorres@redhat.com>
This commit is contained in:
Antonio Torres 2022-04-25 18:25:16 +02:00
parent cb13e66776
commit 9ac9146445
No known key found for this signature in database
GPG Key ID: 359FAF777296F653
2 changed files with 39 additions and 6 deletions

View File

@ -8,9 +8,13 @@ with FIPS enabled. By passing the -noenc option, we can skip the usage
of unsupported algorithms on these systems.
Signed-off-by: Antonio Torres <antorres@redhat.com>
[antorres@redhat.com]: patch adapted to work together with freeradius-bootstrap-create-only.patch.
In bootstrap diff, -f is changed to -e in conditionals.
---
raddb/certs/Makefile | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
raddb/certs/bootstrap | 6 +++---
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/raddb/certs/Makefile b/raddb/certs/Makefile
index 5cbfd467ce..df45884a55 100644
@ -52,6 +56,31 @@ index 5cbfd467ce..df45884a55 100644
chmod g+r inner-server.key
inner-server.crt: inner-server.csr ca.key ca.pem
--
2.35.1
diff --git a/raddb/certs/bootstrap b/raddb/certs/bootstrap
index 57de8cf0d7..c258ec45e0 100755
--- a/raddb/certs/bootstrap
+++ b/raddb/certs/bootstrap
@@ -41,12 +41,12 @@ if [ ! -f dh ]; then
fi
if [ ! -e server.key ]; then
- openssl req -new -out server.csr -keyout server.key -config ./server.cnf || exit 1
+ openssl req -new -out server.csr -keyout server.key -config ./server.cnf -noenc || exit 1
chmod g+r server.key
fi
if [ ! -e ca.key ]; then
- openssl req -new -x509 -keyout ca.key -out ca.pem -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf || exit 1
+ openssl req -new -x509 -keyout ca.key -out ca.pem -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf -noenc || exit 1
fi
if [ ! -e index.txt ]; then
@@ -77,7 +77,7 @@ if [ ! -f ca.der ]; then
fi
if [ ! -e client.key ]; then
- openssl req -new -out client.csr -keyout client.key -config ./client.cnf
+ openssl req -new -out client.csr -keyout client.key -config ./client.cnf -noenc
chmod g+r client.key
fi

View File

@ -1,7 +1,7 @@
Summary: High-performance and highly configurable free RADIUS server
Name: freeradius
Version: 3.0.21
Release: 27%{?dist}
Release: 28%{?dist}
License: GPLv2+ and LGPLv2+
URL: http://www.freeradius.org/
@ -857,6 +857,10 @@ exit 0
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
%changelog
* Mon Apr 25 2022 Antonio Torres <antorres@redhat.com> - 3.0.21-28
- bootstrap: pass -noenc to certificate generation, do it on script as well
Related: rhbz#2069224
* Fri Apr 22 2022 Antonio Torres <antorres@redhat.com> - 3.0.21-27
- bootstrap: pass -noenc to certificate generation
Related: rhbz#2069224