diff --git a/openssl-1_1-use-include-directive.patch b/openssl-1_1-use-include-directive.patch
new file mode 100644
index 0000000..cc1e0c4
--- /dev/null
+++ b/openssl-1_1-use-include-directive.patch
@@ -0,0 +1,26 @@
+--- a/apps/openssl.cnf 2021-08-24 09:38:47.000000000 -0400
++++ b/apps/openssl.cnf 2021-12-06 17:13:34.549291242 -0500
+@@ -11,9 +11,23 @@
+ # defined.
+ HOME = .
+
++openssl_conf = openssl_init
++
++[openssl_init]
++
+ # Extra OBJECT IDENTIFIER info:
+ #oid_file = $ENV::HOME/.oid
+ oid_section = new_oids
++engines = engine_section
++
++# This include will look through the directory that will contain the
++# engine declarations for any engines provided by other packages.
++[engine_section]
++.include /etc/ssl/engines.d/
++
++# This include will look through the directory that will contain the
++# definitions of the engines declared in the engine section.
++.include /etc/ssl/engdef.d/
+
+ # To use this configuration file with the "-extfile" option of the
+ # "openssl x509" utility, name here the section containing the
diff --git a/openssl-1_1.changes b/openssl-1_1.changes
index be68827..62324b8 100644
--- a/openssl-1_1.changes
+++ b/openssl-1_1.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Mon Dec 6 22:21:15 UTC 2021 - Mark Post
+
+- Added openssl-1_1-use-include-directive.patch so that the default
+ /etc/ssl/openssl.cnf file will include any configuration files that
+ other packages might place into /etc/ssl/engines.d/ and
+ /etc/ssl/engdef.d/ This is a fix for bsc#1004463 where scripting was
+ being used to modify the openssl.cnf file. The scripting would fail
+ if either the default openssl.cnf file, or the sample openssl-ibmca
+ configuration file would be changed by upstream.
+- Updated spec file to create the two new necessary directores for
+ the above patch.
+
 -------------------------------------------------------------------
 Thu Nov 11 18:50:47 UTC 2021 - Giuliano Belinassi
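Review bot: The added openssl.cnf comments do not state what a drop-in file must look like, and that matters for the second `.include /etc/ssl/engdef.d/`, which is read while `[engine_section]` is still the open section. Any key a file in engdef.d sets before its own `[section]` header would therefore be parsed as an engine declaration, and as far as I know files in an included directory are not read in a guaranteed order, so the result could differ between systems. I would extend the comment above that include with `# Each file must begin with its own [section] header; only files ending in .cnf or .conf are read.` The suffix rule comes from OpenSSL's config documentation for directory includes and should be confirmed against the packaged version.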
diff --git a/openssl-1_1.spec b/openssl-1_1.spec
index b47fd3a..280cbce 100644
--- a/openssl-1_1.spec
+++ b/openssl-1_1.spec
@@ -111,6 +111,7 @@ Patch53: openssl-1_1-seclevel.patch
 Patch54: openssl-1_1-use-seclevel2-in-tests.patch
 Patch55: openssl-1_1-disable-test_srp-sslapi.patch
 Patch56: openssl-add_rfc3526_rfc7919.patch
+Patch57: openssl-1_1-use-include-directive.patch
 BuildRequires: pkgconfig
 %if 0%{?suse_version} && ! 0%{?sle_version}
 Requires: crypto-policies
@@ -285,6 +286,10 @@ rm -f %{buildroot}%{_sysconfdir}/ssl/openssl.cnf.dist
 ln -sf ./%{_rname} %{buildroot}/%{_includedir}/ssl
 mkdir %{buildroot}/%{_datadir}/ssl
 mv %{buildroot}/%{ssletcdir}/misc %{buildroot}/%{_datadir}/ssl/
+# Create the two directories into which packages will drop their configuration
+# files.
+mkdir %{buildroot}/%{ssletcdir}/engines.d/
+mkdir %{buildroot}/%{ssletcdir}/engdef.d/
 # avoid file conflicts with man pages from other packages
 #
@@ -382,6 +387,8 @@ unset LD_LIBRARY_PATH
 %dir %{ssletcdir}
 %config (noreplace) %{ssletcdir}/openssl.cnf
 %attr(700,root,root) %{ssletcdir}/private
+%dir %{ssletcdir}/engines.d
+%dir %{ssletcdir}/engdef.d
 %{ssletcdir}/ct_log_list.cnf
 %{ssletcdir}/ct_log_list.cnf.dist
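Review bot: The two new directories get no explicit ownership or mode, so they end up with whatever the build-time `mkdir` and the package's default file attributes produce, both in the install hunk and in the `%files` hunk (`%dir %{ssletcdir}/engines.d`, `%dir %{ssletcdir}/engdef.d`). Files placed there are read into the configuration of every program that loads the default openssl.cnf, and an engine definition can name a shared object to load, so write access should be restricted to root by construction rather than by default. The neighbouring `private` entry already uses `%attr`; I would write `%dir %attr(755,root,root) %{ssletcdir}/engines.d` and `%dir %attr(755,root,root) %{ssletcdir}/engdef.d`.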