Accepting request 729843 from home:vitezslav_cizek:branches:Apache:Modules

- Use a stronger password in gencert to pass the stricter tests in FIPS mode (bsc#1150133) * https://pagure.io/mod_nss/pull-request/48 * add mod_nss-gencert_stronger_password.patch OBS-URL: https://build.opensuse.org/request/show/729843 OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_nss?expand=0&rev=51
2019-09-11 07:39:21 +00:00 · 2019-09-11 07:39:21 +00:00 · 0a305784b3
commit 0a305784b3
parent 1fc9f41b12
3 changed files with 52 additions and 3 deletions
--- a/apache2-mod_nss.changes
+++ b/apache2-mod_nss.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Sep 10 11:01:45 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
+
+- Use a stronger password in gencert to pass the stricter tests in
+  FIPS mode (bsc#1150133)
+  * https://pagure.io/mod_nss/pull-request/48
+  * add mod_nss-gencert_stronger_password.patch
+
 -------------------------------------------------------------------
 Fri Jun 28 11:15:10 UTC 2019 - Petr Gajdos <pgajdos@suse.com>

--- a/apache2-mod_nss.spec
+++ b/apache2-mod_nss.spec
@ -39,6 +39,7 @@ Source5:        vhost-nss.template
 Patch1:         mod_nss-migrate.patch
 Patch2:         mod_nss-gencert-correct-ownership.patch
 Patch4:         mod_nss-gencert_use_ss_instead_of_netstat.patch
+Patch5:         mod_nss-gencert_stronger_password.patch
 BuildRequires:  apache-rex
 BuildRequires:  apache-rpm-macros
 BuildRequires:  apache2-devel >= 2.2.12
@ -74,9 +75,7 @@ security library.

 %prep
 %setup -q -n mod_nss-%{version}
-%patch1 -p1
-%patch2 -p1
-%patch4 -p1
+%autopatch -p1

 # Touch expression parser sources to prevent regenerating it
 touch nss_expr_*.[chyl]
--- a/mod_nss-gencert_stronger_password.patch
+++ b/mod_nss-gencert_stronger_password.patch
@ -0,0 +1,42 @@
+Index: mod_nss-1.0.18/gencert.in
+===================================================================
+--- mod_nss-1.0.18.orig/gencert.in	2019-09-10 13:43:27.548434070 +0200
+++ mod_nss-1.0.18/gencert.in	2019-09-10 13:43:53.424589071 +0200
+@@ -75,6 +75,10 @@ VALIDITY=48
+ # 3 is the server cert "Server-Cert".
+ CERTSERIAL=0
+ 
+# Password for the certificate. Uses special characters and mixed case in order
+# to pass the strict NSS FIPS mode check
+PASSWORD="hTtp.Te5t"
+
+ if [ $# -lt 1 ]
+ then
+     echo "usage: $0 <destdir>" 1>&2
+@@ -115,7 +119,7 @@ done
+ echo "TEST = $TEST"
+ echo "SNI = $SNI"
+ 
+-echo "httptest" > $DEST/pw.txt
+echo "$PASSWORD" > $DEST/pw.txt
+ 
+ function generate_server_sni_cert {
+     hostname=$1
+@@ -173,7 +177,7 @@ function generate_server_sni_cert {
+ echo ""
+ echo "#####################################################################"
+ echo "Generating new server certificate and key database. The password"
+-echo "is httptest"
+echo "is $PASSWORD"
+ echo "#####################################################################"
+ $CERTUTIL -N -d $DBDIR -f $DEST/pw.txt
+ 
+@@ -329,7 +333,7 @@ rm $DEST/pw.txt
+ rm $DEST/noise
+ 
+ echo ""
+-echo "The database password is httptest"
+echo "The database password is $PASSWORD"
+ echo ""
+ 
+ # change the ownership of the NSS database so apache can access it