Blame SOURCES/Fix-make-certs.sh-for-OpenSSL-1.1.patch

e58a44
From 7221a9f695016d3e4873bb799f06665ec74387f8 Mon Sep 17 00:00:00 2001
e58a44
From: Greg Hudson <ghudson@mit.edu>
e58a44
Date: Wed, 6 Sep 2017 12:56:37 -0400
e58a44
Subject: [PATCH] Fix make-certs.sh for OpenSSL 1.1
e58a44
e58a44
The openssl req commands in make-certs.sh contain -subj options which
e58a44
were ignored in favor of the config file prior to OpenSSL 1.1.  When
e58a44
they are used, they remove elements of the subject which are now
e58a44
required by t_pkinit.py.
e58a44
e58a44
(cherry picked from commit b0473da67d72e43b9f03b703869069348e872efc)
e58a44
[rharwood@redhat.com: remove newer sections in make-certs.sh]
e58a44
---
e58a44
 src/tests/dejagnu/pkinit-certs/make-certs.sh | 19 +++++++++----------
e58a44
 1 file changed, 9 insertions(+), 10 deletions(-)
e58a44
e58a44
diff --git a/src/tests/dejagnu/pkinit-certs/make-certs.sh b/src/tests/dejagnu/pkinit-certs/make-certs.sh
e58a44
index 0f07709b0..0d8c2019a 100755
e58a44
--- a/src/tests/dejagnu/pkinit-certs/make-certs.sh
e58a44
+++ b/src/tests/dejagnu/pkinit-certs/make-certs.sh
e58a44
@@ -122,15 +122,14 @@ SUBJECT=ca openssl req -config openssl.cnf -new -x509 -extensions exts_ca \
e58a44
     -set_serial 1 -days $DAYS -key privkey.pem -out ca.pem
e58a44
 
e58a44
 # Generate a KDC certificate.
e58a44
-SUBJECT=kdc openssl req -config openssl.cnf -new -subj /CN=kdc \
e58a44
-    -key privkey.pem -out kdc.csr
e58a44
+SUBJECT=kdc openssl req -config openssl.cnf -new -key privkey.pem -out kdc.csr
e58a44
 SUBJECT=kdc openssl x509 -extfile openssl.cnf -extensions exts_kdc \
e58a44
     -set_serial 2 -days $DAYS -req -CA ca.pem -CAkey privkey.pem \
e58a44
     -out kdc.pem -in kdc.csr
e58a44
 
e58a44
 # Generate a client certificate and PKCS#12 bundles.
e58a44
-SUBJECT=user openssl req -config openssl.cnf -new -subj /CN=user \
e58a44
-    -key privkey.pem -out user.csr
e58a44
+SUBJECT=user openssl req -config openssl.cnf -new -key privkey.pem \
e58a44
+    -out user.csr
e58a44
 SUBJECT=user openssl x509 -extfile openssl.cnf -extensions exts_client \
e58a44
     -set_serial 3 -days $DAYS -req -CA ca.pem -CAkey privkey.pem \
e58a44
     -out user.pem -in user.csr
e58a44
@@ -140,24 +139,24 @@ openssl pkcs12 -export -in user.pem -inkey privkey.pem -out user-enc.p12 \
e58a44
     -passout pass:encrypted
e58a44
 
e58a44
 # Generate a client certificate and PKCS#12 bundles with a UPN SAN.
e58a44
-SUBJECT=user openssl req -config openssl.cnf -new -subj /CN=user \
e58a44
-    -key privkey.pem -out user-upn.csr
e58a44
+SUBJECT=user openssl req -config openssl.cnf -new -key privkey.pem \
e58a44
+    -out user-upn.csr
e58a44
 SUBJECT=user openssl x509 -extfile openssl.cnf -extensions exts_upn_client \
e58a44
     -set_serial 4 -days $DAYS -req -CA ca.pem -CAkey privkey.pem \
e58a44
     -out user-upn.pem -in user-upn.csr
e58a44
 openssl pkcs12 -export -in user-upn.pem -inkey privkey.pem -out user-upn.p12 \
e58a44
     -passout pass:
e58a44
 
e58a44
-SUBJECT=user openssl req -config openssl.cnf -new -subj /CN=user \
e58a44
-    -key privkey.pem -out user-upn2.csr
e58a44
+SUBJECT=user openssl req -config openssl.cnf -new -key privkey.pem \
e58a44
+    -out user-upn2.csr
e58a44
 SUBJECT=user openssl x509 -extfile openssl.cnf -extensions exts_upn2_client \
e58a44
     -set_serial 5 -days $DAYS -req -CA ca.pem -CAkey privkey.pem \
e58a44
     -out user-upn2.pem -in user-upn2.csr
e58a44
 openssl pkcs12 -export -in user-upn2.pem -inkey privkey.pem \
e58a44
      -out user-upn2.p12 -passout pass:
e58a44
 
e58a44
-SUBJECT=user openssl req -config openssl.cnf -new -subj /CN=user \
e58a44
-    -key privkey.pem -out user-upn3.csr
e58a44
+SUBJECT=user openssl req -config openssl.cnf -new -key privkey.pem \
e58a44
+    -out user-upn3.csr
e58a44
 SUBJECT=user openssl x509 -extfile openssl.cnf -extensions exts_upn3_client \
e58a44
     -set_serial 6 -days $DAYS -req -CA ca.pem -CAkey privkey.pem \
e58a44
     -out user-upn3.pem -in user-upn3.csr