Replace expired certificates
Resolves: rhbz#2092456
This commit is contained in:
parent
a8a3a389ee
commit
e859029ea0
212
0066-replace-expired-certs.patch
Normal file
212
0066-replace-expired-certs.patch
Normal file
@ -0,0 +1,212 @@
|
|||||||
|
diff --git a/test/certs/embeddedSCTs1_issuer.pem b/test/certs/embeddedSCTs1_issuer.pem
|
||||||
|
index 1fa449d5a098..6aa9455f09ed 100644
|
||||||
|
--- a/test/certs/embeddedSCTs1_issuer.pem
|
||||||
|
+++ b/test/certs/embeddedSCTs1_issuer.pem
|
||||||
|
@@ -1,18 +1,18 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
-MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk
|
||||||
|
+MIIC0jCCAjugAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
|
||||||
|
MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
|
||||||
|
-YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw
|
||||||
|
-MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu
|
||||||
|
-c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf
|
||||||
|
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7
|
||||||
|
-jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP
|
||||||
|
-KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL
|
||||||
|
-svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk
|
||||||
|
-tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG
|
||||||
|
-A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO
|
||||||
|
-MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB
|
||||||
|
-/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt
|
||||||
|
-OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy
|
||||||
|
-f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP
|
||||||
|
-OwqULg==
|
||||||
|
+YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMjA2MDExMDM4MDJaGA8yMTIyMDUw
|
||||||
|
+ODEwMzgwMlowVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRy
|
||||||
|
+YW5zcGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4w
|
||||||
|
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANWKaFNiEKJxGZNud4MhGBwqQBPG
|
||||||
|
+0HuMduuRV9PQ+0s7UW7Oy9HJjZHFL3Q/q2NdVQmc0Tq68xrlQUQkUadMeBbyJDz4
|
||||||
|
+SM8oMczme6BKWiOBnzy6N+Yk2cO9spm4Od3+JjHSyzqE/HuytcUvz8FP/0BvXNRG
|
||||||
|
+acuy98/fhvtqudGxAgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2Oaw
|
||||||
|
+wSS0R8NVMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQsw
|
||||||
|
+CQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENB
|
||||||
|
+MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTAD
|
||||||
|
+AQH/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq
|
||||||
|
++uFpqB0S1WO06eJT0pzYf1ebUcxjBkajbJZm/FHT85VthZ1lFHsky87aFD8XlJCo
|
||||||
|
+2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c
|
||||||
|
+Doud4XrO
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
diff --git a/test/certs/sm2-ca-cert.pem b/test/certs/sm2-ca-cert.pem
|
||||||
|
index 5677ac6c9f6a..70ce71e43091 100644
|
||||||
|
--- a/test/certs/sm2-ca-cert.pem
|
||||||
|
+++ b/test/certs/sm2-ca-cert.pem
|
||||||
|
@@ -1,14 +1,14 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
-MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
|
||||||
|
+MIICJzCCAcygAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
|
||||||
|
AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl
|
||||||
|
-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe
|
||||||
|
-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw
|
||||||
|
-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn
|
||||||
|
-MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG
|
||||||
|
-SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU
|
||||||
|
-5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW
|
||||||
|
-BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU
|
||||||
|
-5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI
|
||||||
|
-ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X
|
||||||
|
-YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3
|
||||||
|
+c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAg
|
||||||
|
+Fw0yMjA2MDIxNTQ5MzlaGA8yMTIyMDUwOTE1NDkzOVowaDELMAkGA1UEBhMCQ04x
|
||||||
|
+CzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzERMA8GA1UECgwIVGVzdCBP
|
||||||
|
+cmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rlc3QgU00yIENBMFkwEwYH
|
||||||
|
+KoZIzj0CAQYIKoEcz1UBgi0DQgAEdFieoSuh8F1c+m2+87v4FJUnFyke5Madn5Q+
|
||||||
|
+ttTmRURQxpSc054wlmX+9EaKZkKb8CRF4mZF+dvXkRIdH6yynqNdMFswHQYDVR0O
|
||||||
|
+BBYEFMWNxa7/MmBJnlIpSVTlXHj/Rbl0MB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIp
|
||||||
|
+SVTlXHj/Rbl0MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqBHM9VAYN1
|
||||||
|
+A0kAMEYCIQC3c2TkO6Lyxt5GNZqoZNuMEphjL9K7W1TsX6mHzlhHDwIhAICXy2XC
|
||||||
|
+WsTzdrMZUXLtrDDFOq+3FaD4pe1HP2LZFNpu
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
diff --git a/test/certs/sm2-root.crt b/test/certs/sm2-root.crt
|
||||||
|
index 5677ac6c9f6a..70ce71e43091 100644
|
||||||
|
--- a/test/certs/sm2-root.crt
|
||||||
|
+++ b/test/certs/sm2-root.crt
|
||||||
|
@@ -1,14 +1,14 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
-MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
|
||||||
|
+MIICJzCCAcygAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
|
||||||
|
AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl
|
||||||
|
-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe
|
||||||
|
-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw
|
||||||
|
-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn
|
||||||
|
-MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG
|
||||||
|
-SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU
|
||||||
|
-5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW
|
||||||
|
-BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU
|
||||||
|
-5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI
|
||||||
|
-ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X
|
||||||
|
-YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3
|
||||||
|
+c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAg
|
||||||
|
+Fw0yMjA2MDIxNTQ5MzlaGA8yMTIyMDUwOTE1NDkzOVowaDELMAkGA1UEBhMCQ04x
|
||||||
|
+CzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzERMA8GA1UECgwIVGVzdCBP
|
||||||
|
+cmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rlc3QgU00yIENBMFkwEwYH
|
||||||
|
+KoZIzj0CAQYIKoEcz1UBgi0DQgAEdFieoSuh8F1c+m2+87v4FJUnFyke5Madn5Q+
|
||||||
|
+ttTmRURQxpSc054wlmX+9EaKZkKb8CRF4mZF+dvXkRIdH6yynqNdMFswHQYDVR0O
|
||||||
|
+BBYEFMWNxa7/MmBJnlIpSVTlXHj/Rbl0MB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIp
|
||||||
|
+SVTlXHj/Rbl0MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqBHM9VAYN1
|
||||||
|
+A0kAMEYCIQC3c2TkO6Lyxt5GNZqoZNuMEphjL9K7W1TsX6mHzlhHDwIhAICXy2XC
|
||||||
|
+WsTzdrMZUXLtrDDFOq+3FaD4pe1HP2LZFNpu
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
diff --git a/test/certs/sm2.pem b/test/certs/sm2.pem
|
||||||
|
index 189abb137625..daf12926aff9 100644
|
||||||
|
--- a/test/certs/sm2.pem
|
||||||
|
+++ b/test/certs/sm2.pem
|
||||||
|
@@ -1,13 +1,14 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
-MIIB6DCCAY6gAwIBAgIJAKH2BR6ITHZeMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
|
||||||
|
-AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl
|
||||||
|
-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe
|
||||||
|
-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMG8xCzAJBgNVBAYTAkNOMQsw
|
||||||
|
-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn
|
||||||
|
-MRAwDgYDVQQLDAdUZXN0IE9VMRswGQYDVQQDDBJUZXN0IFNNMiBTaWduIENlcnQw
|
||||||
|
-WTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAAQwqeNkWp7fiu1KZnuDkAucpM8piEzE
|
||||||
|
-TL1ymrcrOBvv8mhNNkeb20asbWgFQI2zOrSM99/sXGn9rM2/usM/MlcaoxowGDAJ
|
||||||
|
-BgNVHRMEAjAAMAsGA1UdDwQEAwIGwDAKBggqgRzPVQGDdQNIADBFAiEA9edBnAqT
|
||||||
|
-TNuGIUIvXsj6/nP+AzXA9HGtAIY4nrqW8LkCIHyZzhRTlxYtgfqkDl0OK5QQRCZH
|
||||||
|
-OZOfmtx613VyzXwc
|
||||||
|
+MIICNDCCAdugAwIBAgIUOMbsiFLCy2BCPtfHQSdG4R1+3BowCgYIKoEcz1UBg3Uw
|
||||||
|
+aDELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzER
|
||||||
|
+MA8GA1UECgwIVGVzdCBPcmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rl
|
||||||
|
+c3QgU00yIENBMCAXDTIyMDYwMjE1NTU0OFoYDzIxMjIwNTA5MTU1NTQ4WjBvMQsw
|
||||||
|
+CQYDVQQGEwJDTjELMAkGA1UECAwCTE4xETAPBgNVBAcMCFNoZW55YW5nMREwDwYD
|
||||||
|
+VQQKDAhUZXN0IE9yZzEQMA4GA1UECwwHVGVzdCBPVTEbMBkGA1UEAwwSVGVzdCBT
|
||||||
|
+TTIgU2lnbiBDZXJ0MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEMKnjZFqe34rt
|
||||||
|
+SmZ7g5ALnKTPKYhMxEy9cpq3Kzgb7/JoTTZHm9tGrG1oBUCNszq0jPff7Fxp/azN
|
||||||
|
+v7rDPzJXGqNaMFgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFNPl
|
||||||
|
+u8JjXkhQPiJ5bYrrq+voqBUlMB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIpSVTlXHj/
|
||||||
|
+Rbl0MAoGCCqBHM9VAYN1A0cAMEQCIG3gG1D7T7ltn6Gz1UksBZahgBE6jmkQ9Sp9
|
||||||
|
+/3aY5trlAiB5adxiK0avV0LEKfbzTdff9skoZpd7vje1QTW0l0HaGg==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
diff --git a/test/smime-certs/mksmime-certs.sh b/test/smime-certs/mksmime-certs.sh
|
||||||
|
index 12e8a7305402..109b9c4abc28 100644
|
||||||
|
--- a/test/smime-certs/mksmime-certs.sh
|
||||||
|
+++ b/test/smime-certs/mksmime-certs.sh
|
||||||
|
@@ -15,23 +15,23 @@ export OPENSSL_CONF
|
||||||
|
|
||||||
|
# Root CA: create certificate directly
|
||||||
|
CN="Test S/MIME RSA Root" $OPENSSL req -config ca.cnf -x509 -noenc \
|
||||||
|
- -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 3650
|
||||||
|
+ -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 36501
|
||||||
|
|
||||||
|
# EE RSA certificates: create request first
|
||||||
|
CN="Test S/MIME EE RSA #1" $OPENSSL req -config ca.cnf -noenc \
|
||||||
|
-keyout smrsa1.pem -out req.pem -newkey rsa:2048
|
||||||
|
# Sign request: end entity extensions
|
||||||
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
||||||
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||||||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa1.pem
|
||||||
|
|
||||||
|
CN="Test S/MIME EE RSA #2" $OPENSSL req -config ca.cnf -noenc \
|
||||||
|
-keyout smrsa2.pem -out req.pem -newkey rsa:2048
|
||||||
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
||||||
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||||||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa2.pem
|
||||||
|
|
||||||
|
CN="Test S/MIME EE RSA #3" $OPENSSL req -config ca.cnf -noenc \
|
||||||
|
-keyout smrsa3.pem -out req.pem -newkey rsa:2048
|
||||||
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
||||||
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||||||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa3.pem
|
||||||
|
|
||||||
|
# Create DSA parameters
|
||||||
|
@@ -40,15 +40,15 @@ $OPENSSL dsaparam -out dsap.pem 2048
|
||||||
|
|
||||||
|
CN="Test S/MIME EE DSA #1" $OPENSSL req -config ca.cnf -noenc \
|
||||||
|
-keyout smdsa1.pem -out req.pem -newkey dsa:dsap.pem
|
||||||
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
||||||
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||||||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa1.pem
|
||||||
|
CN="Test S/MIME EE DSA #2" $OPENSSL req -config ca.cnf -noenc \
|
||||||
|
-keyout smdsa2.pem -out req.pem -newkey dsa:dsap.pem
|
||||||
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
||||||
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||||||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa2.pem
|
||||||
|
CN="Test S/MIME EE DSA #3" $OPENSSL req -config ca.cnf -noenc \
|
||||||
|
-keyout smdsa3.pem -out req.pem -newkey dsa:dsap.pem
|
||||||
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
||||||
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||||||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa3.pem
|
||||||
|
|
||||||
|
# Create EC parameters
|
||||||
|
@@ -58,16 +58,17 @@ $OPENSSL ecparam -out ecp2.pem -name K-283
|
||||||
|
|
||||||
|
CN="Test S/MIME EE EC #1" $OPENSSL req -config ca.cnf -noenc \
|
||||||
|
-keyout smec1.pem -out req.pem -newkey ec:ecp.pem
|
||||||
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
||||||
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||||||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec1.pem
|
||||||
|
CN="Test S/MIME EE EC #2" $OPENSSL req -config ca.cnf -noenc \
|
||||||
|
-keyout smec2.pem -out req.pem -newkey ec:ecp2.pem
|
||||||
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
||||||
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||||||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec2.pem
|
||||||
|
-CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -noenc \
|
||||||
|
- -keyout smec3.pem -out req.pem -newkey ec:ecp.pem
|
||||||
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
||||||
|
- -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem
|
||||||
|
+# Do not renew this cert as it is used for legacy data decrypt test
|
||||||
|
+#CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -noenc \
|
||||||
|
+# -keyout smec3.pem -out req.pem -newkey ec:ecp.pem
|
||||||
|
+#$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||||||
|
+# -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem
|
||||||
|
# Create X9.42 DH parameters.
|
||||||
|
$OPENSSL genpkey -genparam -algorithm DHX -out dhp.pem
|
||||||
|
# Generate X9.42 DH key.
|
||||||
|
@@ -77,7 +78,7 @@ $OPENSSL pkey -pubout -in smdh.pem -out dhpub.pem
|
||||||
|
CN="Test S/MIME EE DH #1" $OPENSSL req -config ca.cnf -noenc \
|
||||||
|
-keyout smtmp.pem -out req.pem -newkey rsa:2048
|
||||||
|
# Sign request but force public key to DH
|
||||||
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
||||||
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||||||
|
-force_pubkey dhpub.pem \
|
||||||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdh.pem
|
||||||
|
# Remove temp files.
|
@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
|
|||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 3.0.1
|
Version: 3.0.1
|
||||||
Release: 33%{?dist}
|
Release: 34%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -126,6 +126,9 @@ Patch63: 0063-CVE-2022-1473.patch
|
|||||||
Patch64: 0064-CVE-2022-1343.diff
|
Patch64: 0064-CVE-2022-1343.diff
|
||||||
# upstream commit 1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
|
# upstream commit 1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
|
||||||
Patch65: 0065-CVE-2022-1292.patch
|
Patch65: 0065-CVE-2022-1292.patch
|
||||||
|
# https://github.com/openssl/openssl/pull/18444
|
||||||
|
# https://github.com/openssl/openssl/pull/18467
|
||||||
|
Patch66: 0066-replace-expired-certs.patch
|
||||||
|
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
URL: http://www.openssl.org/
|
URL: http://www.openssl.org/
|
||||||
@ -456,6 +459,10 @@ install -m644 %{SOURCE9} \
|
|||||||
%ldconfig_scriptlets libs
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jun 03 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-34
|
||||||
|
- Some OpenSSL test certificates are expired, updating
|
||||||
|
- Resolves: rhbz#2092456
|
||||||
|
|
||||||
* Thu May 26 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-33
|
* Thu May 26 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-33
|
||||||
- CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory
|
- CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory
|
||||||
- Resolves: rhbz#2089444
|
- Resolves: rhbz#2089444
|
||||||
|
Loading…
Reference in New Issue
Block a user