Add a directory for OpenSSL providers configuration

Resolves: RHEL-17193
Dmitry Belyavskiy 2023-11-24 16:16:54 +01:00
parent db02879351
commit e7c35f0ede
2 changed files with 8 additions and 1 deletions


@ -16,7 +16,7 @@ diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.c
[openssl_init] [openssl_init]
providers = provider_sect providers = provider_sect
# Load default TLS policy configuration # Load default TLS policy configuration
@@ -42,23 +42,24 @@ [ evp_properties ] @@ -42,23 +42,27 @@ [ evp_properties ]
#This section is intentionally added empty here #This section is intentionally added empty here
#to be tuned on particular systems #to be tuned on particular systems
@ -54,6 +54,9 @@ diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.c
+ +
+##[legacy_sect] +##[legacy_sect]
+##activate = 1 +##activate = 1
+
+#Place the third party provider configuration files into this folder
+.include /etc/pki/tls/include
[ ssl_module ] [ ssl_module ]
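Review bot: The comment added above `.include /etc/pki/tls/include` does not tell an administrator which files are picked up or what shape they must have. When the argument is a directory, OpenSSL includes the files in it whose names end in `.cnf` or `.conf`, and as far as I can tell their contents are parsed at this position in openssl.cnf, so a drop-in that does not open with its own section header would add its keys to whichever section is current here. I would expand the comment to something like `# Files named *.cnf or *.conf in this directory are included here; each must begin with its own [section] header`. It may also be worth noting that a provider defined in a drop-in is presumably only loaded if the file also adds an entry to `[provider_sect]`. The inner patch hunk that carries these lines begins outside what is shown.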


@ -415,6 +415,7 @@ done
# Install a makefile for generating keys and self-signed certs, and a script # Install a makefile for generating keys and self-signed certs, and a script
# for generating them on the fly. # for generating them on the fly.
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/include
install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_pkgdocdir}/Makefile.certificate install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_pkgdocdir}/Makefile.certificate
install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{_bindir}/make-dummy-cert install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{_bindir}/make-dummy-cert
install -m755 %{SOURCE7} $RPM_BUILD_ROOT%{_bindir}/renew-dummy-cert install -m755 %{SOURCE7} $RPM_BUILD_ROOT%{_bindir}/renew-dummy-cert
@ -497,6 +498,7 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
%dir %{_sysconfdir}/pki/tls/certs %dir %{_sysconfdir}/pki/tls/certs
%dir %{_sysconfdir}/pki/tls/misc %dir %{_sysconfdir}/pki/tls/misc
%dir %{_sysconfdir}/pki/tls/private %dir %{_sysconfdir}/pki/tls/private
%dir %{_sysconfdir}/pki/tls/include
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf %config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf %config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf
%config %{_sysconfdir}/pki/tls/fips_local.cnf %config %{_sysconfdir}/pki/tls/fips_local.cnf
@ -534,6 +536,8 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
Related: RHEL-1780 Related: RHEL-1780
- In FIPS mode, prevent any other operations when rsa_keygen_pairwise_test fails - In FIPS mode, prevent any other operations when rsa_keygen_pairwise_test fails
Resolves: RHEL-17104 Resolves: RHEL-17104
- Add a directory for OpenSSL providers configuration
Resolves: RHEL-17193
* Mon Oct 16 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-25 * Mon Oct 16 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-25
- Provide relevant diagnostics when FIPS checksum is corrupted - Provide relevant diagnostics when FIPS checksum is corrupted
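Review bot: The new directory is created with a plain `mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/include` and listed as `%dir %{_sysconfdir}/pki/tls/include` with no explicit mode or owner, so its permissions depend on the build umask. Every configuration file placed there becomes part of the system-wide OpenSSL configuration, including which provider modules are loaded into processes that use the default config, so the directory should be guaranteed writable by root only. I would pin that with `install -d -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/include` in %install and `%dir %attr(0755,root,root) %{_sysconfdir}/pki/tls/include` in %files. The neighbouring `%dir` entries use the same unpinned form and a `%defattr` may exist outside the lines shown, so this is a hardening suggestion rather than a confirmed defect.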