Bug 1135719 - Makefile.certificate: don't set certificate serial number to 0 if user does not specify one
Summary: Makefile.certificate: don't set certificate serial number to 0 if user does n...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: openssl
Version: 22
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-08-30 19:58 UTC by Adam Williamson
Modified: 2015-12-06 19:19 UTC (History)
1 user (show)

Fixed In Version: openssl-1.0.2e-1.fc23
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-12-06 19:19:14 UTC


Attachments (Terms of Use)
patch to make Makefile.certificate only pass -set_serial if user explicitly requests it (2.04 KB, text/plain)
2014-08-30 19:58 UTC, Adam Williamson
no flags Details

Description Adam Williamson 2014-08-30 19:58:22 UTC
Created attachment 933010 [details]
patch to make Makefile.certificate only pass -set_serial if user explicitly requests it

For the last ten years openssl has set a random certificate serial number if the user doesn't pass one, to substantially reduce the chance of conflicts. However, Makefile.certificate explicitly sets the serial number to 0 unless the user passes one in with SERIAL= , so it never got the benefit of this upstream change. The attached patch (against openssl *package* git master) adjusts Makefile.certificate so it only passes -set_serial if SERIAL is explicitly set by the user, so when it isn't, the certificate with get a random serial number.

Comment 1 Adam Williamson 2015-01-13 21:48:44 UTC
Ping? This seems like a relatively straightforward change, I just didn't want to commit it on my own authority...

Comment 2 Jaroslav Reznik 2015-03-03 16:15:45 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22

Comment 3 Fedora Update System 2015-12-04 16:14:58 UTC
openssl-1.0.2e-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-605de37b7f

Comment 4 Fedora Update System 2015-12-06 17:21:10 UTC
openssl-1.0.2e-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update openssl'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-605de37b7f

Comment 5 Fedora Update System 2015-12-06 19:18:39 UTC
openssl-1.0.2e-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.