Require sscg 2.2.0 for creating service and CA certificates together

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2017-09-21 14:55:16 -04:00 · 2017-09-21 14:55:16 -04:00 · 76ede692d8
commit 76ede692d8
parent b20eb97391
2 changed files with 7 additions and 7 deletions
--- a/7
+++ b/7
@ -5,18 +5,15 @@ set -e
 FQDN=`hostname`

 if test -f /etc/pki/tls/certs/localhost.crt -o \
-        -f /etc/pki/tls/private/localhost.key -o \
-        -f /etc/pki/tls/certs/localhost-ca.crt; then
+        -f /etc/pki/tls/private/localhost.key; then
    exit 1
 fi

 sscg -q                                                             \
     --cert-file           /etc/pki/tls/certs/localhost.crt         \
     --cert-key-file       /etc/pki/tls/private/localhost.key       \
-     --ca-file             /etc/pki/tls/certs/localhost-ca.crt      \
+     --ca-file             /etc/pki/tls/certs/localhost.crt         \
     --lifetime            365                                      \
     --hostname            $FQDN                                    \
     --email               root@$FQDN

-# mod_ssl will send the CA cert if it's appended to the server cert.
-cat /etc/pki/tls/certs/localhost-ca.crt >> /etc/pki/tls/certs/localhost.crt
--- a/httpd.spec
+++ b/httpd.spec
@ -13,7 +13,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.27
-Release: 10%{?dist}
+Release: 11%{?dist}
 URL: https://httpd.apache.org/
 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: index.html
@ -158,7 +158,7 @@ BuildRequires: openssl-devel
 Requires(post): openssl, /bin/cat, hostname
 Requires(pre): httpd-filesystem
 Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
-Requires: sscg >= 2.1.0
+Requires: sscg >= 2.2.0
 Obsoletes: stronghold-mod_ssl
 # Require an OpenSSL which supports PROFILE=SYSTEM
 Conflicts: openssl-libs < 1:1.0.1h-4
@ -689,6 +689,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_rpmconfigdir}/macros.d/macros.httpd

 %changelog
+* Thu Sep 21 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.4.27-11
+- Require sscg 2.2.0 for creating service and CA certificates together
+
 * Thu Sep 21 2017 Jeroen van Meeuwen <kanarip@fedoraproject.org> - 2.4.27-10
 - Address CVE-2017-9798 by applying patch from upstream (#1490344)