Created attachment 933010 [details]
patch to make Makefile.certificate only pass -set_serial if user explicitly requests it
For the last ten years openssl has set a random certificate serial number if the user doesn't pass one, to substantially reduce the chance of conflicts. However, Makefile.certificate explicitly sets the serial number to 0 unless the user passes one in with SERIAL= , so it never got the benefit of this upstream change. The attached patch (against openssl *package* git master) adjusts Makefile.certificate so it only passes -set_serial if SERIAL is explicitly set by the user, so when it isn't, the certificate with get a random serial number.
Ping? This seems like a relatively straightforward change, I just didn't want to commit it on my own authority...
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.
More information and reason for this action is here:
openssl-1.0.2e-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-605de37b7f
openssl-1.0.2e-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update openssl'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-605de37b7f
openssl-1.0.2e-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.