Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/jss.git#89bcbe8882b72b2957680ff66ec6a45ab234f0e8
This commit is contained in:
parent
af554a80d1
commit
bbcd1adde9
1
.gitignore
vendored
1
.gitignore
vendored
@ -30,3 +30,4 @@ jss-4.2.6.tar.gz
|
||||
/jss-4.7.0.tar.gz
|
||||
/jss-4.7.2.tar.gz
|
||||
/jss-4.7.3.tar.gz
|
||||
/jss-4.8.0-b1.tar.gz
|
||||
|
@ -1,49 +0,0 @@
|
||||
From 1fb6097a2ab73ef897d011e7383d7f5f1bf6a1df Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Scheel <ascheel@redhat.com>
|
||||
Date: Wed, 1 Jul 2020 12:41:20 -0400
|
||||
Subject: [PATCH] Replace SHA-1 signature with SHA-256
|
||||
|
||||
A recent change in Fedora Rawhide's crypto-policies package caused
|
||||
failures in the tests like the following:
|
||||
|
||||
Exception in thread "main" java.io.IOException: SocketException cannot read on socket: Error reading from socket: (-12271) SSL peer cannot verify your certificate.
|
||||
at org.mozilla.jss.ssl.SSLSocket.read(SSLSocket.java:1494)
|
||||
at org.mozilla.jss.ssl.SSLInputStream.read(SSLInputStream.java:38)
|
||||
at org.mozilla.jss.ssl.SSLInputStream.read(SSLInputStream.java:25)
|
||||
at org.mozilla.jss.tests.SSLClientAuth.run(SSLClientAuth.java:435)
|
||||
at java.lang.Thread.run(Thread.java:748)
|
||||
Caused by: org.mozilla.jss.ssl.SSLSocketException: Error reading from socket: (-12271) SSL peer cannot verify your certificate.
|
||||
at org.mozilla.jss.ssl.SSLSocket.socketRead(Native Method)
|
||||
at org.mozilla.jss.ssl.SSLSocket.read(SSLSocket.java:1488)
|
||||
... 4 more
|
||||
Server exiting
|
||||
org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-8016) Unknown error
|
||||
at org.mozilla.jss.ssl.SSLSocket.forceHandshake(Native Method)
|
||||
at org.mozilla.jss.tests.SSLClientAuth.testConnection(SSLClientAuth.java:345)
|
||||
at org.mozilla.jss.tests.SSLClientAuth.doIt(SSLClientAuth.java:156)
|
||||
at org.mozilla.jss.tests.SSLClientAuth.main(SSLClientAuth.java:90)
|
||||
|
||||
This was caused by dropping SHA-1 as an allowed hash during handshakes.
|
||||
However, because SSLClientAuth manually generated its certificate (and
|
||||
explicitly asked for SHA-1), it failed.
|
||||
|
||||
Switch to SHA-256 instead.
|
||||
|
||||
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
|
||||
---
|
||||
org/mozilla/jss/tests/SSLClientAuth.java | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/org/mozilla/jss/tests/SSLClientAuth.java b/org/mozilla/jss/tests/SSLClientAuth.java
|
||||
index 6f1fd2b12..bf270a634 100644
|
||||
--- a/org/mozilla/jss/tests/SSLClientAuth.java
|
||||
+++ b/org/mozilla/jss/tests/SSLClientAuth.java
|
||||
@@ -28,7 +28,7 @@
|
||||
|
||||
private CryptoManager cm;
|
||||
public static final SignatureAlgorithm sigAlg =
|
||||
- SignatureAlgorithm.RSASignatureWithSHA1Digest;
|
||||
+ SignatureAlgorithm.RSASignatureWithSHA256Digest;
|
||||
|
||||
/**
|
||||
* Method that generates a certificate for given credential
|
@ -1,47 +0,0 @@
|
||||
From 8ed5a82a973922d07d0610fd42c48b2a0ec97d6c Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Scheel <ascheel@redhat.com>
|
||||
Date: Wed, 1 Jul 2020 12:44:53 -0400
|
||||
Subject: [PATCH] Remove all legacy DSS/DSA tests
|
||||
|
||||
The only signature algorithm suppoted with DSS is SHA-1, which will soon
|
||||
become deprecated and broken. DSS itself isn't widely used either, so we
|
||||
should remove it from the test suite as well.
|
||||
|
||||
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
|
||||
---
|
||||
cmake/JSSTests.cmake | 12 +-----------
|
||||
1 file changed, 1 insertion(+), 11 deletions(-)
|
||||
|
||||
diff --git a/cmake/JSSTests.cmake b/cmake/JSSTests.cmake
|
||||
index a26b95425..a0fe36e22 100644
|
||||
--- a/cmake/JSSTests.cmake
|
||||
+++ b/cmake/JSSTests.cmake
|
||||
@@ -170,11 +170,6 @@ macro(jss_tests)
|
||||
COMMAND "org.mozilla.jss.tests.GenerateTestCert" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}" "30" "localhost" "SHA-256/EC" "CA_ECDSA" "Server_ECDSA" "Client_ECDSA"
|
||||
DEPENDS "Generate_known_RSA_cert_pair"
|
||||
)
|
||||
- jss_test_java(
|
||||
- NAME "Generate_known_DSS_cert_pair"
|
||||
- COMMAND "org.mozilla.jss.tests.GenerateTestCert" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}" "40" "localhost" "SHA-1/DSA" "CA_DSS" "Server_DSS" "Client_DSS"
|
||||
- DEPENDS "Generate_known_ECDSA_cert_pair"
|
||||
- )
|
||||
jss_test_exec(
|
||||
NAME "Create_PKCS11_cert_to_PKCS12_rsa.pfx"
|
||||
COMMAND "pk12util" "-o" "${RESULTS_NSSDB_OUTPUT_DIR}/rsa.pfx" "-n" "CA_RSA" "-d" "${RESULTS_NSSDB_OUTPUT_DIR}" "-K" "${DB_PWD}" "-W" "${DB_PWD}"
|
||||
@@ -185,15 +180,10 @@ macro(jss_tests)
|
||||
COMMAND "pk12util" "-o" "${RESULTS_NSSDB_OUTPUT_DIR}/ecdsa.pfx" "-n" "CA_ECDSA" "-d" "${RESULTS_NSSDB_OUTPUT_DIR}" "-K" "${DB_PWD}" "-W" "${DB_PWD}"
|
||||
DEPENDS "Generate_known_ECDSA_cert_pair"
|
||||
)
|
||||
- jss_test_exec(
|
||||
- NAME "Create_PKCS11_cert_to_PKCS12_dss.pfx"
|
||||
- COMMAND "pk12util" "-o" "${RESULTS_NSSDB_OUTPUT_DIR}/dss.pfx" "-n" "CA_DSS" "-d" "${RESULTS_NSSDB_OUTPUT_DIR}" "-K" "${DB_PWD}" "-W" "${DB_PWD}"
|
||||
- DEPENDS "Generate_known_DSS_cert_pair"
|
||||
- )
|
||||
jss_test_java(
|
||||
NAME "List_CA_certs"
|
||||
COMMAND "org.mozilla.jss.tests.ListCACerts" "${RESULTS_NSSDB_OUTPUT_DIR}" "Verbose"
|
||||
- DEPENDS "Generate_known_DSS_cert_pair"
|
||||
+ DEPENDS "Generate_known_ECDSA_cert_pair"
|
||||
)
|
||||
jss_test_java(
|
||||
NAME "SSLClientAuth"
|
26
jss.spec
26
jss.spec
@ -6,9 +6,9 @@ Summary: Java Security Services (JSS)
|
||||
URL: http://www.dogtagpki.org/wiki/JSS
|
||||
License: MPLv1.1 or GPLv2+ or LGPLv2+
|
||||
|
||||
Version: 4.7.3
|
||||
Release: 1%{?_timestamp}%{?_commit_id}%{?dist}
|
||||
#global _phase -a1
|
||||
Version: 4.8.0
|
||||
Release: 0.1%{?_timestamp}%{?_commit_id}%{?dist}
|
||||
%global _phase -b1
|
||||
|
||||
# To generate the source tarball:
|
||||
# $ git clone https://github.com/dogtagpki/jss.git
|
||||
@ -50,7 +50,7 @@ BuildRequires: glassfish-jaxb-api
|
||||
%else
|
||||
BuildRequires: slf4j-jdk14
|
||||
%endif
|
||||
BuildRequires: apache-commons-lang
|
||||
BuildRequires: apache-commons-lang3
|
||||
|
||||
BuildRequires: junit
|
||||
|
||||
@ -64,7 +64,7 @@ Requires: glassfish-jaxb-api
|
||||
%else
|
||||
Requires: slf4j-jdk14
|
||||
%endif
|
||||
Requires: apache-commons-lang
|
||||
Requires: apache-commons-lang3
|
||||
|
||||
Conflicts: ldapjdk < 4.20
|
||||
Conflicts: idm-console-framework < 1.2
|
||||
@ -108,26 +108,13 @@ export CFLAGS
|
||||
# Check if we're in FIPS mode
|
||||
modutil -dbdir /etc/pki/nssdb -chkfips true | grep -q enabled && export FIPS_ENABLED=1
|
||||
|
||||
# RHEL's CMake doesn't support -B flag.
|
||||
%if 0%{?rhel}
|
||||
%{__mkdir_p} %{_vpath_builddir}
|
||||
cd %{_vpath_builddir}
|
||||
%endif
|
||||
|
||||
# The Makefile is not thread-safe
|
||||
%cmake \
|
||||
-DJAVA_HOME=%{java_home} \
|
||||
-DJAVA_LIB_INSTALL_DIR=%{_jnidir} \
|
||||
%if 0%{?rhel}
|
||||
..
|
||||
%else
|
||||
-B %{_vpath_builddir}
|
||||
%endif
|
||||
|
||||
%if 0%{?fedora}
|
||||
cd %{_vpath_builddir}
|
||||
%endif
|
||||
|
||||
%{__make} all
|
||||
%{__make} javadoc
|
||||
ctest --output-on-failure
|
||||
@ -173,6 +160,9 @@ cp -p *.txt $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
|
||||
|
||||
################################################################################
|
||||
%changelog
|
||||
* Wed Oct 21 2020 Dogtag PKI Team <pki-devel@redhat.com> - 4.8.0-b1
|
||||
- Rebase to upstream beta release JSS v4.8.0-b1
|
||||
|
||||
* Fri Sep 11 2020 Dogtag PKI Team <pki-devel@redhat.com> - 4.7.3-1
|
||||
- Rebase to upstream stable release JSS v4.7.3
|
||||
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (jss-4.7.3.tar.gz) = 9358cf78d99e5e32a07dd457d6b0c916bdf9bf6959efe889f1cb91af75aa79fc419c2d057a40bfbe4e2a4924bffc1cafa04d917622cafe07062bcb633f330f98
|
||||
SHA512 (jss-4.8.0-b1.tar.gz) = 5601922b1c2e8006951a01e50486f585e2f6e3c0cd987a7e75c62755b4e14e2c7d489b583f92ba09281ceee2b5b1363f3d8fc94b039232fb3694975bd041a332
|
||||
|
Loading…
Reference in New Issue
Block a user