877bcf
import sscg-3.0.0-4.el9
Authored and Committed by 
centosrcm
3 years ago
SOURCES/0001-Drop-usage-of-ERR_GET_FUNC.patch
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
From
|
|
1
|
+
From d2277e711bb16e3b98f43565e71b7865b5fed423 Mon Sep 17 00:00:00 2001
|
|
2
2
|
From: Stephen Gallagher <sgallagh@redhat.com>
|
|
3
3
|
Date: Sat, 7 Aug 2021 11:48:04 -0400
|
|
4
|
-
Subject: [PATCH] Drop usage of ERR_GET_FUNC()
|
|
4
|
+
Subject: [PATCH 1/2] Drop usage of ERR_GET_FUNC()
|
|
5
5
|
|
|
6
6
|
This macro was dropped in OpenSSL 3.0 and has actually not been
|
|
7
7
|
providing a valid return code for some time.
|
|
@@ -14,7 +14,7 @@ Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
|
14
14
|
1 file changed, 1 deletion(-)
|
|
15
15
|
|
|
16
16
|
diff --git a/include/sscg.h b/include/sscg.h
|
|
17
|
-
index
|
|
17
|
+
index faf86ba4f68e186bd35c7bc3ec77b98b8e37d253..851dc93175607e5223a70ef40a5feb24b7b69215 100644
|
|
18
18
|
--- a/include/sscg.h
|
|
19
19
|
+++ b/include/sscg.h
|
|
20
20
|
|
|
@@ -30,5 +30,5 @@ index d4499227ea5bd23ac5cae27680438cfe0709fbc4..99788e6001791b658298626d464edcdc
|
|
|
30
30
|
fprintf ( \
|
|
31
31
|
stderr, \
|
|
32
32
|
--
|
|
33
|
-
2.
|
|
33
|
+
2.33.0
|
|
34
34
|
|
SOURCES/0002-Correct-certificate-lifetime-calculation.patch
ADDED
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
From 87604820a935f87a8f533e3f294419d27c0514eb Mon Sep 17 00:00:00 2001
|
|
2
|
+
From: Allison Karlitskaya <allison.karlitskaya@redhat.com>
|
|
3
|
+
Date: Tue, 26 Oct 2021 12:32:13 +0200
|
|
4
|
+
Subject: [PATCH 2/2] Correct certificate lifetime calculation
|
|
5
|
+
|
|
6
|
+
sscg allows passing the certificate lifetime, as a number of days, as a
|
|
7
|
+
commandline argument. It converts this value to seconds using the
|
|
8
|
+
formula
|
|
9
|
+
|
|
10
|
+
days * 24 * 3650
|
|
11
|
+
|
|
12
|
+
which is incorrect. The correct value is 3600.
|
|
13
|
+
|
|
14
|
+
This effectively adds an extra 20 minutes to the lifetime of the
|
|
15
|
+
certificate for each day as given on the commandline, and was enough to
|
|
16
|
+
cause some new integration tests in cockpit to fail.
|
|
17
|
+
|
|
18
|
+
Interestingly, 3650 is the old default value for the number of days of
|
|
19
|
+
certificate validity (~10 years) so this probably slipped in as a sort
|
|
20
|
+
of muscle-memory-assisted typo.
|
|
21
|
+
|
|
22
|
+
Let's just write `24 * 60 * 60` to make things clear.
|
|
23
|
+
---
|
|
24
|
+
src/x509.c | 2 +-
|
|
25
|
+
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
26
|
+
|
|
27
|
+
diff --git a/src/x509.c b/src/x509.c
|
|
28
|
+
index dc1594a4bdcb9d81607f0fe5ad2d4562e5edb533..7c7e4dfe56d5756862f3e0f851941e846ce96f31 100644
|
|
29
|
+
--- a/src/x509.c
|
|
30
|
+
+++ b/src/x509.c
|
|
31
|
+
@@ -416,11 +416,11 @@ sscg_sign_x509_csr (TALLOC_CTX *mem_ctx,
|
|
32
|
+
X509_set_issuer_name (cert, X509_REQ_get_subject_name (csr));
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
/* set time */
|
|
36
|
+
X509_gmtime_adj (X509_get_notBefore (cert), 0);
|
|
37
|
+
- X509_gmtime_adj (X509_get_notAfter (cert), days * 24 * 3650);
|
|
38
|
+
+ X509_gmtime_adj (X509_get_notAfter (cert), days * 24 * 60 * 60);
|
|
39
|
+
|
|
40
|
+
/* set subject */
|
|
41
|
+
subject = X509_NAME_dup (X509_REQ_get_subject_name (csr));
|
|
42
|
+
sslret = X509_set_subject_name (cert, subject);
|
|
43
|
+
CHECK_SSL (sslret, X509_set_subject_name);
|
|
44
|
+
--
|
|
45
|
+
2.33.0
|
|
46
|
+
|
SPECS/sscg.spec
CHANGED
|
@@ -9,7 +9,7 @@
|
|
|
9
9
|
|
|
10
10
|
Name: sscg
|
|
11
11
|
Version: 3.0.0
|
|
12
|
-
Release:
|
|
12
|
+
Release: 4%{?dist}
|
|
13
13
|
Summary: Simple SSL certificate generator
|
|
14
14
|
|
|
15
15
|
License: GPLv3+ with exceptions
|
|
@@ -27,6 +27,7 @@ BuildRequires: help2man
|
|
|
27
27
|
|
|
28
28
|
|
|
29
29
|
Patch0001: 0001-Drop-usage-of-ERR_GET_FUNC.patch
|
|
30
|
+
Patch0002: 0002-Correct-certificate-lifetime-calculation.patch
|
|
30
31
|
|
|
31
32
|
|
|
32
33
|
%description
|
|
@@ -58,6 +59,10 @@ false signatures from the service certificate.
|
|
|
58
59
|
%{_mandir}/man8/%{name}.8*
|
|
59
60
|
|
|
60
61
|
%changelog
|
|
62
|
+
* Fri Oct 29 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-4
|
|
63
|
+
- Correct certificate lifetime calculation
|
|
64
|
+
- Resolves: rhbz#2017667
|
|
65
|
+
|
|
61
66
|
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 3.0.0-3
|
|
62
67
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
|
63
68
|
Related: rhbz#1991688
|