1
0
apache2-mod_nss/mod_nss-gencert_stronger_password.patch
Lars Vogdt 0a305784b3 Accepting request 729843 from home:vitezslav_cizek:branches:Apache:Modules
- Use a stronger password in gencert to pass the stricter tests in
  FIPS mode (bsc#1150133)
  * https://pagure.io/mod_nss/pull-request/48
  * add mod_nss-gencert_stronger_password.patch

OBS-URL: https://build.opensuse.org/request/show/729843
OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_nss?expand=0&rev=51
2019-09-11 07:39:21 +00:00

43 lines
1.3 KiB
Diff

Index: mod_nss-1.0.18/gencert.in
===================================================================
--- mod_nss-1.0.18.orig/gencert.in 2019-09-10 13:43:27.548434070 +0200
+++ mod_nss-1.0.18/gencert.in 2019-09-10 13:43:53.424589071 +0200
@@ -75,6 +75,10 @@ VALIDITY=48
# 3 is the server cert "Server-Cert".
CERTSERIAL=0
+# Password for the certificate. Uses special characters and mixed case in order
+# to pass the strict NSS FIPS mode check
+PASSWORD="hTtp.Te5t"
+
if [ $# -lt 1 ]
then
echo "usage: $0 <destdir>" 1>&2
@@ -115,7 +119,7 @@ done
echo "TEST = $TEST"
echo "SNI = $SNI"
-echo "httptest" > $DEST/pw.txt
+echo "$PASSWORD" > $DEST/pw.txt
function generate_server_sni_cert {
hostname=$1
@@ -173,7 +177,7 @@ function generate_server_sni_cert {
echo ""
echo "#####################################################################"
echo "Generating new server certificate and key database. The password"
-echo "is httptest"
+echo "is $PASSWORD"
echo "#####################################################################"
$CERTUTIL -N -d $DBDIR -f $DEST/pw.txt
@@ -329,7 +333,7 @@ rm $DEST/pw.txt
rm $DEST/noise
echo ""
-echo "The database password is httptest"
+echo "The database password is $PASSWORD"
echo ""
# change the ownership of the NSS database so apache can access it