pool/apache2
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 128919 from home:saschpe:branches:Apache

Browse Source 
- gensslcert: Use 0400 permissions for generated SSL certificate files
  instead of 0644

OBS-URL: https://build.opensuse.org/request/show/128919
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=368
This commit is contained in:
Roman Drahtmueller 2012-07-27 11:17:03 +00:00 committed by Git OBS Bridge
parent bb379cae66
commit 9386014e7c
2 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apache2.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Jul 25 11:32:34 UTC 2012 - saschpe@suse.de
- gensslcert: Use 0400 permissions for generated SSL certificate files
instead of 0644
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jul 6 11:58:03 UTC 2012 - meissner@suse.com Fri Jul 6 11:58:03 UTC 2012 - meissner@suse.com

12
gensslcert
View File

@ -91,7 +91,7 @@ sslprmdir=$r/etc/apache2/ssl.prm
# CA # CA
# #
echo;myecho creating CA key ... echo;myecho creating CA key ...
$openssl genrsa -rand $r/var/log/y2log:$r/var/log/messages -out $sslkeydir/${name}ca.key 2048 || myexit $LINENO $? (umask 0377 ; $openssl genrsa -rand $r/var/log/y2log:$r/var/log/messages -out $sslkeydir/${name}ca.key 2048 || myexit $LINENO $?)
cat >$r/root/.mkcert.cfg <<EOT cat >$r/root/.mkcert.cfg <<EOT
[ req ] [ req ]
@ -116,7 +116,7 @@ challengePassword = $RANDOM$RANDOMA challenge password
EOT EOT
echo;myecho creating CA request/certificate ... echo;myecho creating CA request/certificate ...
$openssl req -config $r/root/.mkcert.cfg -new -x509 -days $CAdays -key $sslkeydir/${name}ca.key -out $sslcrtdir/${name}ca.crt || myexit $LINENO $? (umask 0377 ; $openssl req -config $r/root/.mkcert.cfg -new -x509 -days $CAdays -key $sslkeydir/${name}ca.key -out $sslcrtdir/${name}ca.crt || myexit $LINENO $?)
cp -pv $sslcrtdir/${name}ca.crt $r/srv/www/htdocs/$(echo $name | tr 'a-z' 'A-Z')CA.crt cp -pv $sslcrtdir/${name}ca.crt $r/srv/www/htdocs/$(echo $name | tr 'a-z' 'A-Z')CA.crt
@ -124,7 +124,7 @@ cp -pv $sslcrtdir/${name}ca.crt $r/srv/www/htdocs/$(echo $name | tr 'a-z' 'A-Z')
# Server CERT # Server CERT
# #
echo;myecho creating server key ... echo;myecho creating server key ...
$openssl genrsa -rand $r/etc/rc.config:$r/var/log/messages -out $sslkeydir/${name}server.key 1024 || myexit $LINENO $? (umask 0377 ; $openssl genrsa -rand $r/etc/rc.config:$r/var/log/messages -out $sslkeydir/${name}server.key 1024 || myexit $LINENO $?)
cat >$r/root/.mkcert.cfg <<EOT cat >$r/root/.mkcert.cfg <<EOT
[ req ] [ req ]
@ -149,7 +149,7 @@ challengePassword = $RANDOM$RANDOMA challenge password
EOT EOT
echo;myecho creating server request ... echo;myecho creating server request ...
$openssl req -config $r/root/.mkcert.cfg -new -key $sslkeydir/${name}server.key -out $sslcsrdir/${name}server.csr || myexit $LINENO $? (umask 0377 ; $openssl req -config $r/root/.mkcert.cfg -new -key $sslkeydir/${name}server.key -out $sslcsrdir/${name}server.csr || myexit $LINENO $?)
cat >$r/root/.mkcert.cfg <<EOT cat >$r/root/.mkcert.cfg <<EOT
@ -163,14 +163,14 @@ EOT
test -f $r/root/.mkcert.serial || echo 01 >$r/root/.mkcert.serial test -f $r/root/.mkcert.serial || echo 01 >$r/root/.mkcert.serial
myecho "creating server certificate ..." myecho "creating server certificate ..."
$openssl x509 \ (umask 0377 ; $openssl x509 \
-extfile $r/root/.mkcert.cfg \ -extfile $r/root/.mkcert.cfg \
-days $srvdays \ -days $srvdays \
-CAserial $r/root/.mkcert.serial \ -CAserial $r/root/.mkcert.serial \
-CA $sslcrtdir/${name}ca.crt \ -CA $sslcrtdir/${name}ca.crt \
-CAkey $sslkeydir/${name}ca.key \ -CAkey $sslkeydir/${name}ca.key \
-in $sslcsrdir/${name}server.csr -req \ -in $sslcsrdir/${name}server.csr -req \
-out $sslcrtdir/${name}server.crt || myexit $LINENO $? -out $sslcrtdir/${name}server.crt || myexit $LINENO $?)
rm -f $r/root/.mkcert.cfg rm -f $r/root/.mkcert.cfg