0a305784b3
- Use a stronger password in gencert to pass the stricter tests in FIPS mode (bsc#1150133) * https://pagure.io/mod_nss/pull-request/48 * add mod_nss-gencert_stronger_password.patch OBS-URL: https://build.opensuse.org/request/show/729843 OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_nss?expand=0&rev=51
43 lines
1.3 KiB
Diff
43 lines
1.3 KiB
Diff
Index: mod_nss-1.0.18/gencert.in
|
|
===================================================================
|
|
--- mod_nss-1.0.18.orig/gencert.in 2019-09-10 13:43:27.548434070 +0200
|
|
+++ mod_nss-1.0.18/gencert.in 2019-09-10 13:43:53.424589071 +0200
|
|
@@ -75,6 +75,10 @@ VALIDITY=48
|
|
# 3 is the server cert "Server-Cert".
|
|
CERTSERIAL=0
|
|
|
|
+# Password for the certificate. Uses special characters and mixed case in order
|
|
+# to pass the strict NSS FIPS mode check
|
|
+PASSWORD="hTtp.Te5t"
|
|
+
|
|
if [ $# -lt 1 ]
|
|
then
|
|
echo "usage: $0 <destdir>" 1>&2
|
|
@@ -115,7 +119,7 @@ done
|
|
echo "TEST = $TEST"
|
|
echo "SNI = $SNI"
|
|
|
|
-echo "httptest" > $DEST/pw.txt
|
|
+echo "$PASSWORD" > $DEST/pw.txt
|
|
|
|
function generate_server_sni_cert {
|
|
hostname=$1
|
|
@@ -173,7 +177,7 @@ function generate_server_sni_cert {
|
|
echo ""
|
|
echo "#####################################################################"
|
|
echo "Generating new server certificate and key database. The password"
|
|
-echo "is httptest"
|
|
+echo "is $PASSWORD"
|
|
echo "#####################################################################"
|
|
$CERTUTIL -N -d $DBDIR -f $DEST/pw.txt
|
|
|
|
@@ -329,7 +333,7 @@ rm $DEST/pw.txt
|
|
rm $DEST/noise
|
|
|
|
echo ""
|
|
-echo "The database password is httptest"
|
|
+echo "The database password is $PASSWORD"
|
|
echo ""
|
|
|
|
# change the ownership of the NSS database so apache can access it
|