From 6926f64fe4c79bccb3df2d1c92959eeaca192aa8 Mon Sep 17 00:00:00 2001
From: Vitezslav Crhonek <vcrhonek@redhat.com>
Date: Thu, 27 Jul 2023 09:24:19 +0200
Subject: [PATCH] Remove RANDFILE and increase default bits in ssleay.conf

Resolves: #2220821
---
 openwsman-2.6.5-update-ssleay-conf.patch | 15 +++++++++++++++
 openwsman.spec                           |  9 ++++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 openwsman-2.6.5-update-ssleay-conf.patch

diff --git a/openwsman-2.6.5-update-ssleay-conf.patch b/openwsman-2.6.5-update-ssleay-conf.patch
new file mode 100644
index 0000000..a8b7820
--- /dev/null
+++ b/openwsman-2.6.5-update-ssleay-conf.patch
@@ -0,0 +1,15 @@
+diff -up openwsman-2.6.5/etc/ssleay.cnf.orig openwsman-2.6.5/etc/ssleay.cnf
+--- openwsman-2.6.5/etc/ssleay.cnf.orig	2017-11-28 09:32:15.000000000 +0100
++++ openwsman-2.6.5/etc/ssleay.cnf	2023-07-10 10:00:44.713426317 +0200
+@@ -2,10 +2,8 @@
+ # SSLeay example configuration file.
+ #
+ 
+-RANDFILE                = /dev/random
+-
+ [ req ]
+-default_bits            = 1024
++default_bits            = 2048
+ default_keyfile         = privkey.pem
+ distinguished_name      = req_distinguished_name
+ 
diff --git a/openwsman.spec b/openwsman.spec
index 75f05b7..17a0a9b 100644
--- a/openwsman.spec
+++ b/openwsman.spec
@@ -3,7 +3,7 @@
 
 Name:		openwsman
 Version:	2.6.5
-Release:	9%{?dist}
+Release:	10%{?dist}
 Summary:	Open source Implementation of WS-Management
 
 License:	BSD
@@ -24,6 +24,8 @@ Patch6:		openwsman-2.6.5-CVE-2019-3816.patch
 # Patch7: fixes CVE-2019-3833, rhbz#1687865
 Patch7:		openwsman-2.6.5-CVE-2019-3833.patch
 Patch8:		openwsman-2.6.5-http-unauthorized-improve.patch
+# Patch9: fixes cert issue, rhbz#2220821
+Patch9:         openwsman-2.6.5-update-ssleay-conf.patch
 BuildRequires:	swig
 BuildRequires:	libcurl-devel libxml2-devel pam-devel sblim-sfcc-devel
 BuildRequires:	python3 python3-devel ruby ruby-devel rubygems-devel perl-interpreter
@@ -133,6 +135,7 @@ You can use it to send shell commands to a remote Windows hosts.
 %patch6 -p1 -b .CVE-2019-3816
 %patch7 -p1 -b .CVE-2019-3833
 %patch8 -p1 -b .http-unauthorized-improve
+%patch9 -p1 -b .update-ssleay-conf
 
 %build
 # Removing executable permissions on .c and .h files to fix rpmlint warnings. 
@@ -289,6 +292,10 @@ rm -f /var/log/wsmand.log
 %{_bindir}/winrs
 
 %changelog
+* Thu Jul 27 2023 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-10
+- Remove RANDFILE and increase default bits in ssleay.conf
+  Resolves: #2220821
+
 * Tue Feb 14 2023 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-9
 - Add rpminspect.yaml
   Related: #2105315