Bug 1135719
Summary: | Makefile.certificate: don't set certificate serial number to 0 if user does not specify one | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Adam Williamson <awilliam> | ||||
Component: | openssl | Assignee: | Tomas Mraz <tmraz> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 22 | CC: | tmraz | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | openssl-1.0.2e-1.fc23 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2015-12-06 19:19:14 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Ping? This seems like a relatively straightforward change, I just didn't want to commit it on my own authority... This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle. Changing version to '22'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22 openssl-1.0.2e-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-605de37b7f openssl-1.0.2e-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update openssl' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-605de37b7f openssl-1.0.2e-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. |
Created attachment 933010 [details] patch to make Makefile.certificate only pass -set_serial if user explicitly requests it For the last ten years openssl has set a random certificate serial number if the user doesn't pass one, to substantially reduce the chance of conflicts. However, Makefile.certificate explicitly sets the serial number to 0 unless the user passes one in with SERIAL= , so it never got the benefit of this upstream change. The attached patch (against openssl *package* git master) adjusts Makefile.certificate so it only passes -set_serial if SERIAL is explicitly set by the user, so when it isn't, the certificate with get a random serial number.