From e089777942552c4fe3e58aa328566e7bb745dbf8 Mon Sep 17 00:00:00 2001
From: Antonio Torres <antorres@redhat.com>
Date: Fri, 22 Apr 2022 12:27:43 +0200
Subject: [PATCH] bootstrap: pass -noenc to certificate generation

Bootstrap script would fail to generate certificates if run on systems
with FIPS enabled. By passing the -noenc option, we can skip the usage
of unsupported algorithms on these systems.

Signed-off-by: Antonio Torres <antorres@redhat.com>
---
 raddb/certs/Makefile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/raddb/certs/Makefile b/raddb/certs/Makefile
index 5cbfd467ce..df45884a55 100644
--- a/raddb/certs/Makefile
+++ b/raddb/certs/Makefile
@@ -71,7 +71,7 @@ ca.key ca.pem: ca.cnf
 	@[ -f serial ] || $(MAKE) serial
 	$(OPENSSL) req -new -x509 -keyout ca.key -out ca.pem \
 		-days $(CA_DEFAULT_DAYS) -config ./ca.cnf \
-		-passin pass:$(PASSWORD_CA) -passout pass:$(PASSWORD_CA)
+		-passin pass:$(PASSWORD_CA) -passout pass:$(PASSWORD_CA) -noenc
 	chmod g+r ca.key
 
 ca.der: ca.pem
@@ -88,7 +88,7 @@ ca.crl: ca.pem
 #
 ######################################################################
 server.csr server.key: server.cnf
-	$(OPENSSL) req -new  -out server.csr -keyout server.key -config ./server.cnf
+	$(OPENSSL) req -new  -out server.csr -keyout server.key -config ./server.cnf -noenc
 	chmod g+r server.key
 
 server.crt: server.csr ca.key ca.pem
@@ -113,7 +113,7 @@ server.vrfy: ca.pem
 #
 ######################################################################
 client.csr client.key: client.cnf
-	$(OPENSSL) req -new  -out client.csr -keyout client.key -config ./client.cnf
+	$(OPENSSL) req -new  -out client.csr -keyout client.key -config ./client.cnf -noenc
 	chmod g+r client.key
 
 client.crt: client.csr ca.pem ca.key
@@ -139,7 +139,7 @@ client.vrfy: ca.pem client.pem
 #
 ######################################################################
 inner-server.csr inner-server.key: inner-server.cnf
-	$(OPENSSL) req -new  -out inner-server.csr -keyout inner-server.key -config ./inner-server.cnf
+	$(OPENSSL) req -new  -out inner-server.csr -keyout inner-server.key -config ./inner-server.cnf -noenc
 	chmod g+r inner-server.key
 
 inner-server.crt: inner-server.csr ca.key ca.pem
-- 
2.35.1