freeradius/freeradius-cert-config.patch
John Dennis 19b7b49d75 - resolves: bug #526559 initial install should run bootstrap to create
certificates running radiusd in debug mode to generate inital temporary
    certificates is no longer necessary, the /etc/raddb/certs/bootstrap is
    invoked on initial rpm install (not upgrade) if there is no existing
    /etc/raddb/certs/server.pem file
- resolves: bug #528493 use sha1 algorithm instead of md5 during cert
    generation the certificate configuration
    (/etc/raddb/certs/{ca,server,client}.cnf) files were modifed to use
    sha1 instead of md5 and the validity reduced from 1 year to 2 months
2010-01-08 17:55:23 +00:00

69 lines
2.3 KiB
Diff

diff -r -u freeradius-server-2.1.8.orig/raddb/certs/ca.cnf freeradius-server-2.1.8/raddb/certs/ca.cnf
--- freeradius-server-2.1.8.orig/raddb/certs/ca.cnf 2009-12-30 10:44:35.000000000 -0500
+++ freeradius-server-2.1.8/raddb/certs/ca.cnf 2010-01-08 12:35:23.000000000 -0500
@@ -14,9 +14,9 @@
RANDFILE = $dir/.rand
name_opt = ca_default
cert_opt = ca_default
-default_days = 365
+default_days = 60
default_crl_days = 30
-default_md = md5
+default_md = sha1
preserve = no
policy = policy_match
Only in freeradius-server-2.1.8/raddb/certs: ca.cnf~
diff -r -u freeradius-server-2.1.8.orig/raddb/certs/client.cnf freeradius-server-2.1.8/raddb/certs/client.cnf
--- freeradius-server-2.1.8.orig/raddb/certs/client.cnf 2009-12-30 10:44:35.000000000 -0500
+++ freeradius-server-2.1.8/raddb/certs/client.cnf 2010-01-08 12:35:37.000000000 -0500
@@ -14,9 +14,9 @@
RANDFILE = $dir/.rand
name_opt = ca_default
cert_opt = ca_default
-default_days = 365
+default_days = 60
default_crl_days = 30
-default_md = md5
+default_md = sha1
preserve = no
policy = policy_match
Only in freeradius-server-2.1.8/raddb/certs: client.cnf~
diff -r -u freeradius-server-2.1.8.orig/raddb/certs/server.cnf freeradius-server-2.1.8/raddb/certs/server.cnf
--- freeradius-server-2.1.8.orig/raddb/certs/server.cnf 2009-12-30 10:44:35.000000000 -0500
+++ freeradius-server-2.1.8/raddb/certs/server.cnf 2010-01-08 12:35:05.000000000 -0500
@@ -14,9 +14,9 @@
RANDFILE = $dir/.rand
name_opt = ca_default
cert_opt = ca_default
-default_days = 365
+default_days = 60
default_crl_days = 30
-default_md = md5
+default_md = sha1
preserve = no
policy = policy_match
Only in freeradius-server-2.1.8/raddb/certs: server.cnf~
diff -r -u freeradius-server-2.1.8.orig/raddb/eap.conf freeradius-server-2.1.8/raddb/eap.conf
--- freeradius-server-2.1.8.orig/raddb/eap.conf 2009-12-30 10:44:35.000000000 -0500
+++ freeradius-server-2.1.8/raddb/eap.conf 2010-01-08 12:36:04.000000000 -0500
@@ -251,15 +251,6 @@
cipher_list = "DEFAULT"
#
-
- # This configuration entry should be deleted
- # once the server is running in a normal
- # configuration. It is here ONLY to make
- # initial deployments easier.
- #
- make_cert_command = "${certdir}/bootstrap"
-
- #
# Session resumption / fast reauthentication
# cache.
#
Only in freeradius-server-2.1.8/raddb: eap.conf~