rpms/openssl
6
1
Fork 1
Code Issues Pull Requests Releases Activity

Make FIPS module configuration more crypto-policies friendly

Browse Source 
Related: rhbz#2216256
This commit is contained in:
Dmitry Belyavskiy 2023-07-12 17:59:35 +02:00
parent 217cd631e8
commit d30c497ed1
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
openssl.spec
View File

@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 3.0.7 Version: 3.0.7
Release: 23%{?dist} Release: 24%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -467,6 +467,7 @@ cat $RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration.h >> \
install -m644 %{SOURCE9} \ install -m644 %{SOURCE9} \
$RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration.h $RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration.h
%endif %endif
ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/fips_local.cnf
%files %files
%{!?_licensedir:%global license %%doc} %{!?_licensedir:%global license %%doc}
@ -491,6 +492,7 @@ install -m644 %{SOURCE9} \
%dir %{_sysconfdir}/pki/tls/private %dir %{_sysconfdir}/pki/tls/private
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf %config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf %config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf
%config %{_sysconfdir}/pki/tls/fips_local.cnf
%attr(0755,root,root) %{_libdir}/libcrypto.so.%{version} %attr(0755,root,root) %{_libdir}/libcrypto.so.%{version}
%{_libdir}/libcrypto.so.%{soversion} %{_libdir}/libcrypto.so.%{soversion}
%attr(0755,root,root) %{_libdir}/libssl.so.%{version} %attr(0755,root,root) %{_libdir}/libssl.so.%{version}
@ -520,6 +522,10 @@ install -m644 %{SOURCE9} \
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%changelog %changelog
* Wed Jul 12 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-24
- Make FIPS module configuration more crypto-policies friendly
Related: rhbz#2216256
* Tue Jul 11 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-23 * Tue Jul 11 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-23
- Add a workaround for lack of EMS in FIPS mode - Add a workaround for lack of EMS in FIPS mode
Resolves: rhbz#2216256 Resolves: rhbz#2216256