Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 933010 Details for
Bug 1135719
Makefile.certificate: don't set certificate serial number to 0 if user does not specify one
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
patch to make Makefile.certificate only pass -set_serial if user explicitly requests it
0001-Makefile.certificate-don-t-set-serial-number-to-0-if.patch (text/plain), 2.04 KB, created by
Adam Williamson
on 2014-08-30 19:58:22 UTC
(
hide
)
Description:
patch to make Makefile.certificate only pass -set_serial if user explicitly requests it
Filename:
MIME Type:
Creator:
Adam Williamson
Created:
2014-08-30 19:58:22 UTC
Size:
2.04 KB
patch
obsolete
>From 602910dfbb5c4889d494fd36c330f94e5c0b25e5 Mon Sep 17 00:00:00 2001 >From: Adam Williamson <awilliam@redhat.com> >Date: Sat, 30 Aug 2014 12:25:59 -0700 >Subject: [PATCH] Makefile.certificate: don't set serial number to 0 if none is > passed > >We should only explicitly set the certificate serial number if the >user specified one. Since 2004, if none is explicitly specified, >openssl will use a large random integer (substantially reducing the >likelihood of collisions). We should inherit this behaviour from >openssl, not explicitly specify 0 when no SERIAL= is passed. >--- > Makefile.certificate | 11 +++++++---- > 1 file changed, 7 insertions(+), 4 deletions(-) > >diff --git a/Makefile.certificate b/Makefile.certificate >index 4f9d55d..89cf18d 100644 >--- a/Makefile.certificate >+++ b/Makefile.certificate >@@ -1,8 +1,11 @@ > UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8) >-SERIAL=0 > DAYS=365 > KEYLEN=2048 > TYPE=rsa:$(KEYLEN) >+EXTRA_FLAGS= >+ifdef SERIAL >+ EXTRA_FLAGS+=-set_serial $(SERIAL) >+endif > > .PHONY: usage > .SUFFIXES: .key .csr .crt .pem >@@ -42,7 +45,7 @@ usage: > umask 77 ; \ > PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \ > PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \ >- /usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 -set_serial $(SERIAL) ; \ >+ /usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 $(EXTRA_FLAGS) ; \ > cat $$PEM1 > $@ ; \ > echo "" >> $@ ; \ > cat $$PEM2 >> $@ ; \ >@@ -58,7 +61,7 @@ usage: > > %.crt: %.key > umask 77 ; \ >- /usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ -set_serial $(SERIAL) >+ /usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ $(EXTRA_FLAGS) > > TLSROOT=/etc/pki/tls > KEY=$(TLSROOT)/private/localhost.key >@@ -75,4 +78,4 @@ $(CSR): $(KEY) > > $(CRT): $(KEY) > umask 77 ; \ >- /usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) -set_serial $(SERIAL) >+ /usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) $(EXTRA_FLAGS) >-- >2.1.0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=933010">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 1135719
: 933010