Resolves: RHEL-25985 - FTBFS due to OpenSSL 3.2

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2024-02-16 17:03:17 -05:00 · 2024-02-16 17:03:17 -05:00 · 1690289de7
commit 1690289de7
parent ee34878d04
2 changed files with 52 additions and 0 deletions
--- a/0003-tests-Drop-extensions-from-openssl-command-if-there-.patch
+++ b/0003-tests-Drop-extensions-from-openssl-command-if-there-.patch
@ -0,0 +1,48 @@
+From 32b72c7c3303edb2bf55ae9a22e8db7855f3d7d1 Mon Sep 17 00:00:00 2001
+From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Date: Wed, 24 Jan 2024 23:03:04 +0100
+Subject: [PATCH] tests: Drop -extensions from openssl command if there is no
+ -x509
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The 'openssl req' ignores the '-extensions' option without '-x509'.
+OpenSSL versions prior 3.2 simply ignored it. Starting with version 3.2
+an error is generated:
+
+| /usr/bin/openssl req -batch -config
+| ../../../../../src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA.config
+| -new -nodes -key
+| …/build/../src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_key.pem
+-sha256 -extensions v3_ca -out SSSD_test_intermediate_CA_req.pem
+| Error adding request extensions from section v3_ca
+| 003163BAB27F0000:error:11000079:X509 V3 routines:v2i_AUTHORITY_KEYID:no issuer certificate:../crypto/x509/v3_akid.c:156:
+| 003163BAB27F0000:error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension:../crypto/x509/v3_conf.c:48:section=v3_ca, name=authorityKeyIdentifier, value=keyid:always,issuer:always
+|
+
+Remove the '-extensions' option.
+
+Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/tests/test_CA/intermediate_CA/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tests/test_CA/intermediate_CA/Makefile.am b/src/tests/test_CA/intermediate_CA/Makefile.am
+index b439f82cb03e5c99006b948c9eba2ba26ef4206c..50fcddb8d22213400f7ee31c6ba1eb7b8ccd14cd 100644
+--- a/src/tests/test_CA/intermediate_CA/Makefile.am
+++ b/src/tests/test_CA/intermediate_CA/Makefile.am
+@@ -33,7 +33,7 @@ SSSD_test_CA.pem:
+ 	ln -s $(builddir)/../$@
+ 
+ SSSD_test_intermediate_CA_req.pem: $(openssl_intermediate_ca_key) $(openssl_intermediate_ca_config) SSSD_test_CA.pem
+-	$(OPENSSL) req -batch -config ${openssl_intermediate_ca_config} -new -nodes -key $< -sha256 -extensions v3_ca -out $@
+	$(OPENSSL) req -batch -config ${openssl_intermediate_ca_config} -new -nodes -key $< -sha256 -out $@
+ 
+ SSSD_test_intermediate_CA.pem: SSSD_test_intermediate_CA_req.pem $(openssl_root_ca_config) $(openssl_root_ca_key)
+ 	cd .. && $(OPENSSL) ca -config ${openssl_root_ca_config} -batch -notext -keyfile $(openssl_root_ca_key) -in $(abs_builddir)/$< -days 200 -extensions v3_intermediate_ca -out $(abs_builddir)/$@
+-- 
+2.43.2
+
--- a/sssd.spec
+++ b/sssd.spec
@ -52,6 +52,7 @@ Source0: https://github.com/SSSD/sssd/releases/download/2.9.4/sssd-2.9.4.tar.gz
 ### Patches ###
 Patch0001: 0001-ENUMERATION-conditional-build-of-enumeration-support.patch
 Patch0002: 0002-Fix-the-build-with-Samba-4.20.patch
+Patch0003: 0003-tests-Drop-extensions-from-openssl-command-if-there-.patch

 ### Dependencies ###

@ -1060,6 +1061,9 @@ fi
 %systemd_postun_with_restart sssd.service

 %changelog
+* Fri Feb 16 2024 Stephen Gallagher <sgallagh@redhat.com> - 2.9.4-5
+- Resolves: RHEL-25985 - FTBFS due to OpenSSL 3.2
+
 * Fri Feb 02 2024 Stephen Gallagher <sgallagh@redhat.com> - 2.9.4-5
 - Restore i686 on Fedora ELN