isaacpittman-hitachi / rpms / openssl

Forked from rpms/openssl 2 years ago
Clone

Blame SOURCES/openssl-1.1.1-conf-paths.patch

e4b8d1
diff -up openssl-1.1.1-pre8/apps/CA.pl.in.conf-paths openssl-1.1.1-pre8/apps/CA.pl.in
e4b8d1
--- openssl-1.1.1-pre8/apps/CA.pl.in.conf-paths	2018-06-20 16:48:09.000000000 +0200
e4b8d1
+++ openssl-1.1.1-pre8/apps/CA.pl.in	2018-07-25 17:26:58.388624296 +0200
e4b8d1
@@ -33,7 +33,7 @@ my $X509 = "$openssl x509";
e4b8d1
 my $PKCS12 = "$openssl pkcs12";
e4b8d1
 
e4b8d1
 # default openssl.cnf file has setup as per the following
e4b8d1
-my $CATOP = "./demoCA";
e4b8d1
+my $CATOP = "/etc/pki/CA";
e4b8d1
 my $CAKEY = "cakey.pem";
e4b8d1
 my $CAREQ = "careq.pem";
e4b8d1
 my $CACERT = "cacert.pem";
e4b8d1
diff -up openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths openssl-1.1.1-pre8/apps/openssl.cnf
e4b8d1
--- openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths	2018-07-25 17:26:58.378624057 +0200
e4b8d1
+++ openssl-1.1.1-pre8/apps/openssl.cnf	2018-07-27 13:20:08.198513471 +0200
e4b8d1
@@ -23,6 +23,22 @@ oid_section		= new_oids
e4b8d1
 # (Alternatively, use a configuration file that has only
e4b8d1
 # X.509v3 extensions in its main [= default] section.)
e4b8d1
 
e4b8d1
+# Load default TLS policy configuration
e4b8d1
+
e4b8d1
+openssl_conf = default_modules
e4b8d1
+
e4b8d1
+[ default_modules ]
e4b8d1
+
e4b8d1
+ssl_conf = ssl_module
e4b8d1
+
e4b8d1
+[ ssl_module ]
e4b8d1
+
e4b8d1
+system_default = crypto_policy
e4b8d1
+
e4b8d1
+[ crypto_policy ]
e4b8d1
+
e4b8d1
+.include /etc/crypto-policies/back-ends/opensslcnf.config
e4b8d1
+
e4b8d1
 [ new_oids ]
e4b8d1
 
e4b8d1
 # We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
e4b8d1
@@ -43,7 +59,7 @@ default_ca	= CA_default		# The default c
e4b8d1
 ####################################################################
e4b8d1
 [ CA_default ]
e4b8d1
 
e4b8d1
-dir		= ./demoCA		# Where everything is kept
e4b8d1
+dir		= /etc/pki/CA		# Where everything is kept
e4b8d1
 certs		= $dir/certs		# Where the issued certs are kept
e4b8d1
 crl_dir		= $dir/crl		# Where the issued crl are kept
e4b8d1
 database	= $dir/index.txt	# database index file.
e4b8d1
@@ -329,7 +345,7 @@ default_tsa = tsa_config1	# the default
e4b8d1
 [ tsa_config1 ]
e4b8d1
 
e4b8d1
 # These are used by the TSA reply generation only.
e4b8d1
-dir		= ./demoCA		# TSA root directory
e4b8d1
+dir		= /etc/pki/CA		# TSA root directory
e4b8d1
 serial		= $dir/tsaserial	# The current serial number (mandatory)
e4b8d1
 crypto_device	= builtin		# OpenSSL engine to use for signing
e4b8d1
 signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate