Fixes override of openssl_conf in openssl.cnf

Resolves: rhbz#1975847 Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-07-06 13:56:08 +02:00 · 2021-07-06 13:56:08 +02:00 · 4f728a9f3f
commit 4f728a9f3f
parent 826e7990ea
2 changed files with 23 additions and 23 deletions
--- a/0004-Override-default-paths-for-the-CA-directory-tree.patch
+++ b/0004-Override-default-paths-for-the-CA-directory-tree.patch
@ -27,22 +27,22 @@ index c0afb96716..d6a5fabd16 100644
 my $CAKEY = "cakey.pem";
 my $CAREQ = "careq.pem";
 my $CACERT = "cacert.pem";
-diff --git a/apps/openssl.cnf b/apps/openssl.cnf
-index eb25a0ac48..2479943fde 100644
--- a/apps/openssl.cnf
-+++ b/apps/openssl.cnf
-@@ -31,6 +31,22 @@ oid_section = new_oids
- # (Alternatively, use a configuration file that has only
- # X.509v3 extensions in its main [= default] section.)
+diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha16/apps/openssl.cnf
+--- openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls	2021-07-06 13:41:39.204978272 +0200
+++ openssl-3.0.0-alpha16/apps/openssl.cnf	2021-07-06 13:49:50.362857683 +0200
+@@ -53,6 +53,8 @@ tsa_policy3 = 1.2.3.4.5.7
 
+ [openssl_init]
+ providers = provider_sect
 +# Load default TLS policy configuration
-+
-+openssl_conf = default_modules
-+
-+[ default_modules ]
-+
 +ssl_conf = ssl_module
-+
+ 
+ # List of providers to load
+ [provider_sect]
+@@ -64,6 +66,13 @@ default = default_sect
+ [default_sect]
+ # activate = 1
+ 
 +[ ssl_module ]
 +
 +system_default = crypto_policy
@ -50,11 +50,10 @@ index eb25a0ac48..2479943fde 100644
 +[ crypto_policy ]
 +
 +.include = /etc/crypto-policies/back-ends/opensslcnf.config
-+
- [ new_oids ]
- # We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
- # Add a simple OID like this:
-@@ -72,7 +88,7 @@ default_ca	= CA_default		# The default ca section
+ 
+ ####################################################################
+ [ ca ]
+@@ -72,7 +81,7 @@ default_ca	= CA_default		# The default c
 ####################################################################
 [ CA_default ]
 
@ -63,7 +62,7 @@ index eb25a0ac48..2479943fde 100644
 certs		= $dir/certs		# Where the issued certs are kept
 crl_dir		= $dir/crl		# Where the issued crl are kept
 database	= $dir/index.txt	# database index file.
-@@ -304,7 +320,7 @@ default_tsa = tsa_config1	# the default TSA section
+@@ -304,7 +313,7 @@ default_tsa = tsa_config1	# the default
 [ tsa_config1 ]
 
 # These are used by the TSA reply generation only.
@ -72,6 +71,3 @@ index eb25a0ac48..2479943fde 100644
 serial		= $dir/tsaserial	# The current serial number (mandatory)
 crypto_device	= builtin		# OpenSSL engine to use for signing
 signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate
-- 
-2.26.2
-
--- a/openssl.spec
+++ b/openssl.spec
@ -15,7 +15,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.0.0
-Release: 0.alpha16.6%{?dist}
+Release: 0.alpha16.7%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@ -383,6 +383,10 @@ export LD_LIBRARY_PATH
 %ldconfig_scriptlets libs

 %changelog
+* Tue Jul 06 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.7
+- Fixes override of openssl_conf in openssl.cnf
+- Resolves: rhbz#1975847
+
 * Fri Jul 02 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.6
 - Adds FIPS mode compatibility patch (sahana@redhat.com)
 - Related: rhbz#1977318