rpms/httpd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Require sscg 2.2.0 for creating service and CA certificates together

Browse Source 
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
This commit is contained in:
Stephen Gallagher 2017-09-21 14:55:16 -04:00 committed by Joe Orton
parent b20eb97391
commit 76ede692d8
2 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
httpd-ssl-gencerts
View File

@ -5,18 +5,15 @@ set -e
FQDN=`hostname` FQDN=`hostname`
if test -f /etc/pki/tls/certs/localhost.crt -o \ if test -f /etc/pki/tls/certs/localhost.crt -o \
-f /etc/pki/tls/private/localhost.key -o \ -f /etc/pki/tls/private/localhost.key; then
-f /etc/pki/tls/certs/localhost-ca.crt; then
exit 1 exit 1
fi fi
sscg -q \ sscg -q \
--cert-file /etc/pki/tls/certs/localhost.crt \ --cert-file /etc/pki/tls/certs/localhost.crt \
--cert-key-file /etc/pki/tls/private/localhost.key \ --cert-key-file /etc/pki/tls/private/localhost.key \
--ca-file /etc/pki/tls/certs/localhost-ca.crt \ --ca-file /etc/pki/tls/certs/localhost.crt \
--lifetime 365 \ --lifetime 365 \
--hostname $FQDN \ --hostname $FQDN \
--email root@$FQDN --email root@$FQDN
# mod_ssl will send the CA cert if it's appended to the server cert.
cat /etc/pki/tls/certs/localhost-ca.crt >> /etc/pki/tls/certs/localhost.crt

7
httpd.spec
View File

@ -13,7 +13,7 @@
Summary: Apache HTTP Server Summary: Apache HTTP Server
Name: httpd Name: httpd
Version: 2.4.27 Version: 2.4.27
Release: 10%{?dist} Release: 11%{?dist}
URL: https://httpd.apache.org/ URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: index.html Source1: index.html
@ -158,7 +158,7 @@ BuildRequires: openssl-devel
Requires(post): openssl, /bin/cat, hostname Requires(post): openssl, /bin/cat, hostname
Requires(pre): httpd-filesystem Requires(pre): httpd-filesystem
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
Requires: sscg >= 2.1.0 Requires: sscg >= 2.2.0
Obsoletes: stronghold-mod_ssl Obsoletes: stronghold-mod_ssl
# Require an OpenSSL which supports PROFILE=SYSTEM # Require an OpenSSL which supports PROFILE=SYSTEM
Conflicts: openssl-libs < 1:1.0.1h-4 Conflicts: openssl-libs < 1:1.0.1h-4
@ -689,6 +689,9 @@ rm -rf $RPM_BUILD_ROOT
%{_rpmconfigdir}/macros.d/macros.httpd %{_rpmconfigdir}/macros.d/macros.httpd
%changelog %changelog
* Thu Sep 21 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.4.27-11
- Require sscg 2.2.0 for creating service and CA certificates together
* Thu Sep 21 2017 Jeroen van Meeuwen <kanarip@fedoraproject.org> - 2.4.27-10 * Thu Sep 21 2017 Jeroen van Meeuwen <kanarip@fedoraproject.org> - 2.4.27-10
- Address CVE-2017-9798 by applying patch from upstream (#1490344) - Address CVE-2017-9798 by applying patch from upstream (#1490344)