diff --git a/0001-Extend-maximum-DNS-name-to-255.patch b/0001-Extend-maximum-DNS-name-to-255.patch index 7ce5725..7f18273 100644 --- a/0001-Extend-maximum-DNS-name-to-255.patch +++ b/0001-Extend-maximum-DNS-name-to-255.patch @@ -1,7 +1,7 @@ -From 750dee2eded3b1c16e0434fa387d35a869545d9e Mon Sep 17 00:00:00 2001 +From d3a4452d7cc78589fb6077e98b228e09e9e76e3f Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Wed, 15 Feb 2023 15:49:38 -0500 -Subject: [PATCH 1/2] Extend maximum DNS name to 255 +Subject: [PATCH 1/3] Extend maximum DNS name to 255 The hostname part is still restricted to 63 characters @@ -201,5 +201,5 @@ index 4f3f11cd3411f00cf6de3a72ba897adc97944e35..9f6f21b49c2dd70629fed67d32702737 goto done; } -- -2.41.0 +2.49.0 diff --git a/0002-Update-README.md-with-latest-usage-information.patch b/0002-Update-README.md-with-latest-usage-information.patch index 4294050..e295244 100644 --- a/0002-Update-README.md-with-latest-usage-information.patch +++ b/0002-Update-README.md-with-latest-usage-information.patch @@ -1,7 +1,7 @@ -From ff2cf0e789cb62c1efbb95ee3f6ccd1958a9d10e Mon Sep 17 00:00:00 2001 +From 14df7d212d020f247587e2d850ec27dbd16add38 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Fri, 1 Sep 2023 08:19:01 -0400 -Subject: [PATCH 2/2] Update README.md with latest usage information +Subject: [PATCH 2/3] Update README.md with latest usage information Signed-off-by: Stephen Gallagher --- @@ -105,5 +105,5 @@ index d15c3d955d03026e8a68c04870a5f97a20eb03d9..4d57138895443f228212a6c772093504 Help options: -- -2.41.0 +2.49.0 diff --git a/0003-x509-Use-proper-version-for-CSR.patch b/0003-x509-Use-proper-version-for-CSR.patch new file mode 100644 index 0000000..cca0fc5 --- /dev/null +++ b/0003-x509-Use-proper-version-for-CSR.patch @@ -0,0 +1,31 @@ +From 70b0a4742a67616a5223a0cdc2067effccf081e9 Mon Sep 17 00:00:00 2001 +From: Sebastian Andrzej Siewior +Date: Sat, 19 Oct 2024 15:43:20 +0200 +Subject: [PATCH 3/3] x509: Use proper version for CSR. + +RFC 2986 only defines a single version for CSRs: X509_VERSION_1 (0). +OpenSSL starting with 3.4 rejects everything else. + +Use X509_VERSION_1 as version for X509_REQ_set_version. + +Signed-off-by: Sebastian Andrzej Siewior +--- + src/x509.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/x509.c b/src/x509.c +index 9f6f21b49c2dd70629fed67d327027374eb21b15..503b7b1b51ed45909104d1b5e593129ee9e8dee2 100644 +--- a/src/x509.c ++++ b/src/x509.c +@@ -169,7 +169,7 @@ sscg_x509v3_csr_new (TALLOC_CTX *mem_ctx, + talloc_set_destructor ((TALLOC_CTX *)csr, _sscg_csr_destructor); + + /* We will generate only x509v3 certificates */ +- sslret = X509_REQ_set_version (csr->x509_req, 2); ++ sslret = X509_REQ_set_version (csr->x509_req, X509_VERSION_1); + CHECK_SSL (sslret, X509_REQ_set_version); + + subject = X509_REQ_get_subject_name (csr->x509_req); +-- +2.49.0 + diff --git a/sscg.spec b/sscg.spec index eb71105..e522e8e 100644 --- a/sscg.spec +++ b/sscg.spec @@ -18,7 +18,12 @@ URL: https://%{provider_prefix} Source0: sscg-3.0.5.tar.gz # Extend maximum DNS name to 255 # Author: Stephen Gallagher -Patch1: 0001-Extend-maximum-DNS-name-to-255.patch +Patch: 0001-Extend-maximum-DNS-name-to-255.patch +# Update the README documentation +Patch: 0002-Update-README.md-with-latest-usage-information.patch +# Set Certificate Signing Request version to 1 instead of 3(which doesn't exist) +Patch: 0003-x509-Use-proper-version-for-CSR.patch + BuildRequires: gcc BuildRequires: libtalloc-devel BuildRequires: openssl