rebuilt with enable-ssl2 [release 1.0.1s-2mamba;Sat Apr 30 2016]
This commit is contained in:
parent
98e4308ca8
commit
9011d6d298
@ -1,2 +1,7 @@
|
|||||||
# openssl101
|
# openssl101
|
||||||
|
|
||||||
|
The openssl certificate management tool and the shared libraries that provide various encryption and decription algorithms and protocols, including DES, RC4, RSA and SSL.
|
||||||
|
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
|
||||||
|
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
|
||||||
|
This product includes software written by Tim Hudson (tjh@cryptsoft.com).
|
||||||
|
|
||||||
|
16
openssl-1.0.1a-fix_non_ia32.patch
Normal file
16
openssl-1.0.1a-fix_non_ia32.patch
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
diff -Nru openssl-1.0.1a.orig/crypto/evp/e_rc4_hmac_md5.c openssl-1.0.1a/crypto/evp/e_rc4_hmac_md5.c
|
||||||
|
--- openssl-1.0.1a.orig/crypto/evp/e_rc4_hmac_md5.c 2012-04-18 19:51:33.000000000 +0200
|
||||||
|
+++ openssl-1.0.1a/crypto/evp/e_rc4_hmac_md5.c 2012-04-24 12:34:58.532532269 +0200
|
||||||
|
@@ -289,8 +289,12 @@
|
||||||
|
|
||||||
|
const EVP_CIPHER *EVP_rc4_hmac_md5(void)
|
||||||
|
{
|
||||||
|
+ #if defined(STITCHED_CALL)
|
||||||
|
extern unsigned int OPENSSL_ia32cap_P[];
|
||||||
|
/* RC4_CHAR flag ------------vvvvv */
|
||||||
|
return(OPENSSL_ia32cap_P[0]&(1<<20) ? NULL : &r4_hmac_md5_cipher);
|
||||||
|
+ #else
|
||||||
|
+ return(&r4_hmac_md5_cipher);
|
||||||
|
+ #endif
|
||||||
|
}
|
||||||
|
#endif
|
53
openssl-1.0.1p-symbol_versioning.patch
Normal file
53
openssl-1.0.1p-symbol_versioning.patch
Normal file
@ -0,0 +1,53 @@
|
|||||||
|
diff -up openssl-1.0.1/Makefile.shared.version openssl-1.0.1/Makefile.shared
|
||||||
|
--- openssl-1.0.1/Makefile.shared.version 2012-03-14 20:58:20.553350959 +0100
|
||||||
|
+++ openssl-1.0.1/Makefile.shared 2012-03-14 20:58:20.631352556 +0100
|
||||||
|
@@ -151,7 +151,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \
|
||||||
|
SHLIB_SUFFIX=; \
|
||||||
|
ALLSYMSFLAGS='-Wl,--whole-archive'; \
|
||||||
|
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
|
||||||
|
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
|
||||||
|
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,--default-symver,--version-script=version.map -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
|
||||||
|
|
||||||
|
DO_GNU_APP=LDFLAGS="$(CFLAGS)"
|
||||||
|
|
||||||
|
diff -up openssl-1.0.1/version.map.version openssl-1.0.1/version.map
|
||||||
|
--- openssl-1.0.1/version.map.version 2012-03-14 20:58:20.631352556 +0100
|
||||||
|
+++ openssl-1.0.1/version.map 2012-03-14 20:58:20.631352556 +0100
|
||||||
|
@@ -0,0 +1,7 @@
|
||||||
|
+OPENSSL_1.0.1 {
|
||||||
|
+ global:
|
||||||
|
+ SSLeay;
|
||||||
|
+ local:
|
||||||
|
+ _original*;
|
||||||
|
+ _current*;
|
||||||
|
+};
|
||||||
|
--- openssl-1.0.1p/crypto/cversion.c.orig 2015-08-16 15:44:39.732602452 +0200
|
||||||
|
+++ openssl-1.0.1p/crypto/cversion.c 2015-08-16 15:45:16.262509801 +0200
|
||||||
|
@@ -97,7 +97,14 @@
|
||||||
|
return ("not available");
|
||||||
|
}
|
||||||
|
|
||||||
|
-unsigned long SSLeay(void)
|
||||||
|
+unsigned long _original_SSLeay(void)
|
||||||
|
{
|
||||||
|
- return (SSLEAY_VERSION_NUMBER);
|
||||||
|
+ return(0x10000003);
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+unsigned long _current_SSLeay(void)
|
||||||
|
+{
|
||||||
|
+ return(SSLEAY_VERSION_NUMBER);
|
||||||
|
+}
|
||||||
|
+__asm__(".symver _original_SSLeay,SSLeay@");
|
||||||
|
+__asm__(".symver _current_SSLeay,SSLeay@@OPENSSL_1.0.1");
|
||||||
|
--- openssl-1.0.1p/crypto/opensslv.h.orig 2015-08-16 15:44:39.733602449 +0200
|
||||||
|
+++ openssl-1.0.1p/crypto/opensslv.h 2015-08-16 15:47:04.895305120 +0200
|
||||||
|
@@ -88,7 +88,7 @@
|
||||||
|
* should only keep the versions that are binary compatible with the current.
|
||||||
|
*/
|
||||||
|
# define SHLIB_VERSION_HISTORY ""
|
||||||
|
-# define SHLIB_VERSION_NUMBER "1.0.0"
|
||||||
|
+# define SHLIB_VERSION_NUMBER "1.0.1"
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
78
openssl-1.0.1s-legacy-engines-dir.patch
Normal file
78
openssl-1.0.1s-legacy-engines-dir.patch
Normal file
@ -0,0 +1,78 @@
|
|||||||
|
Index: openssl-1.0.0c/Makefile.org
|
||||||
|
===================================================================
|
||||||
|
--- openssl-1.0.0c.orig/Makefile.org 2010-01-27 17:06:58.000000000 +0100
|
||||||
|
+++ openssl-1.0.0c/Makefile.org 2010-12-13 19:41:03.000000000 +0100
|
||||||
|
@@ -497,7 +497,7 @@
|
||||||
|
install_sw:
|
||||||
|
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
|
||||||
|
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
|
||||||
|
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
|
||||||
|
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.1/engines \
|
||||||
|
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
|
||||||
|
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
|
||||||
|
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
|
||||||
|
Index: openssl-1.0.0c/engines/Makefile
|
||||||
|
===================================================================
|
||||||
|
--- openssl-1.0.0c.orig/engines/Makefile 2010-08-24 23:46:34.000000000 +0200
|
||||||
|
+++ openssl-1.0.0c/engines/Makefile 2010-12-12 19:16:22.000000000 +0100
|
||||||
|
@@ -107,7 +107,7 @@
|
||||||
|
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
|
||||||
|
@if [ -n "$(SHARED_LIBS)" ]; then \
|
||||||
|
set -e; \
|
||||||
|
- $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \
|
||||||
|
+ $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.1/engines; \
|
||||||
|
for l in $(LIBNAMES); do \
|
||||||
|
( echo installing $$l; \
|
||||||
|
pfx=lib; \
|
||||||
|
@@ -119,13 +119,13 @@
|
||||||
|
*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
|
||||||
|
*) sfx=".bad";; \
|
||||||
|
esac; \
|
||||||
|
- cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
|
||||||
|
+ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.1/engines/$$pfx$$l$$sfx.new; \
|
||||||
|
else \
|
||||||
|
sfx=".so"; \
|
||||||
|
- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
|
||||||
|
+ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.1/engines/$$pfx$$l$$sfx.new; \
|
||||||
|
fi; \
|
||||||
|
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
|
||||||
|
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
|
||||||
|
+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.1/engines/$$pfx$$l$$sfx.new; \
|
||||||
|
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.1/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.1/engines/$$pfx$$l$$sfx ); \
|
||||||
|
done; \
|
||||||
|
fi
|
||||||
|
@target=install; $(RECURSIVE_MAKE)
|
||||||
|
Index: openssl-1.0.0c/Configure
|
||||||
|
===================================================================
|
||||||
|
--- openssl-1.0.0c.orig/Configure 2010-12-12 19:16:22.000000000 +0100
|
||||||
|
+++ openssl-1.0.0c/Configure 2010-12-13 19:40:53.000000000 +0100
|
||||||
|
@@ -1732,7 +1732,7 @@
|
||||||
|
}
|
||||||
|
elsif (/^#define\s+ENGINESDIR/)
|
||||||
|
{
|
||||||
|
- my $foo = "$prefix/$libdir/engines";
|
||||||
|
+ my $foo = "$prefix/$libdir/openssl-1.0.1/engines";
|
||||||
|
$foo =~ s/\\/\\\\/g;
|
||||||
|
print OUT "#define ENGINESDIR \"$foo\"\n";
|
||||||
|
}
|
||||||
|
Index: openssl-1.0.0c/engines/ccgost/Makefile
|
||||||
|
===================================================================
|
||||||
|
--- openssl-1.0.0c.orig/engines/ccgost/Makefile 2010-12-13 19:41:14.000000000 +0100
|
||||||
|
+++ openssl-1.0.0c/engines/ccgost/Makefile 2010-12-13 19:42:21.000000000 +0100
|
||||||
|
@@ -53,13 +53,13 @@
|
||||||
|
*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
|
||||||
|
*) sfx=".bad";; \
|
||||||
|
esac; \
|
||||||
|
- cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
|
||||||
|
+ cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.1/engines/$${pfx}$(LIBNAME)$$sfx.new; \
|
||||||
|
else \
|
||||||
|
sfx=".so"; \
|
||||||
|
cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
|
||||||
|
fi; \
|
||||||
|
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
|
||||||
|
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
|
||||||
|
+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.1/engines/$${pfx}$(LIBNAME)$$sfx.new; \
|
||||||
|
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.1/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.1/engines/$${pfx}$(LIBNAME)$$sfx; \
|
||||||
|
fi
|
||||||
|
|
||||||
|
links:
|
160
openssl-makecerts
Normal file
160
openssl-makecerts
Normal file
@ -0,0 +1,160 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
#
|
||||||
|
# Creates self-signed ssl certificates
|
||||||
|
# Copyright (c) 2003-2008 by Silvan Calarco <silvan.calarco@mambasoft.it>
|
||||||
|
# Copyright (c) 2003-2005 by Davide Madrisan <davide.madrisan@qilinux.it>
|
||||||
|
#
|
||||||
|
# Create server side certificates
|
||||||
|
# documentation taken from openssl howtos http://www.openssl.org/docs/HOWTO/
|
||||||
|
|
||||||
|
SSLDIR=/var/ssl
|
||||||
|
[ "$CADAYS" ] || CADAYS=3650
|
||||||
|
[ "$CERTDAYS" ] || CERTDAYS=1825
|
||||||
|
mksslc_tempfile=`tempfile 2>/dev/null`
|
||||||
|
# 1. Creating a certificate request (optional)
|
||||||
|
# To create a certificate, you need to start with a certificate request
|
||||||
|
# or, as some certificate authorities like to put it,
|
||||||
|
# "certificate signing request", since that's exactly what they do,
|
||||||
|
# they sign it and give you the result back, thus making it authentic
|
||||||
|
# according to their policies. A certificate request can then be sent
|
||||||
|
# to a certificate authority to get it signed into a certificate, or if
|
||||||
|
# you have your own certificate authority, you may sign it yourself, or
|
||||||
|
# if you need a self-signed certificate. Because you just want a test
|
||||||
|
# certificate or because you are setting up your own CA.
|
||||||
|
|
||||||
|
#openssl req -new -key privkey.perm -out cert.csr
|
||||||
|
|
||||||
|
# 2. Creating a self-signed root Certification Authority certificate
|
||||||
|
# If you don't want to deal with another certificate authority, or just
|
||||||
|
# want to create a test certificate for yourself. This is similar to
|
||||||
|
# creating a certificate request, but creates a certificate instead of
|
||||||
|
# a certificate request. This is NOT the recommended way to create a
|
||||||
|
# CA certificate, see ca.txt.
|
||||||
|
|
||||||
|
if [ ! -e $SSLDIR/cacert.pem ]; then
|
||||||
|
echo
|
||||||
|
echo "Creating a new Certification Authority"
|
||||||
|
[ "$CAPASS" -a "$CACOUNTRY" -a "$CASTATE" -a "$CACITY" -a \
|
||||||
|
"$CAORGANIZATION" -a "$CAOU" -a "$CACOMMONNAME" -a "$CAEMAIL" ] ||
|
||||||
|
echo "Please enter information about the Certification Authority"
|
||||||
|
while [ ! "$CACOUNTRY" -o ${#CACOUNTRY} -ne 2 ]; do
|
||||||
|
read -p "Two-letters country code (e.g. IT): " CACOUNTRY;
|
||||||
|
done
|
||||||
|
while [ ! "$CASTATE" ]; do read -p "State: " CASTATE; done
|
||||||
|
while [ ! "$CACITY" ]; do read -p "City: " CACITY; done
|
||||||
|
while [ ! "$CAORGANIZATION" ]; do read -p "Organization: " CAORGANIZATION; done
|
||||||
|
while [ ! "$CAOU" ]; do read -p "Operational unit: " CAOU; done
|
||||||
|
while [ ! "$CACOMMONNAME" ]; do read -p "Common name: " CACOMMONNAME; done
|
||||||
|
while [ ! "$CAEMAIL" ]; do read -p "Email: " CAEMAIL; done
|
||||||
|
while [ ! "$CAPASS" -o "$CAPASS" != "$CONFIRMPASS" ]; do
|
||||||
|
unset CAPASS
|
||||||
|
while [ ! "$CAPASS" ]; do read -s -p "Please enter a passphrase: " CAPASS; echo; done
|
||||||
|
read -s -p "Please confirm the passphrase: " CONFIRMPASS
|
||||||
|
echo
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "Generating a self-signed root Certification Authority certificate"
|
||||||
|
cat << _EOF > $mksslc_tempfile
|
||||||
|
$CAPASS
|
||||||
|
$CACOUNTRY
|
||||||
|
$CASTATE
|
||||||
|
$CACITY
|
||||||
|
$CAORGANIZATION
|
||||||
|
$CAOU
|
||||||
|
$CACOMMONNAME
|
||||||
|
$CAEMAIL
|
||||||
|
_EOF
|
||||||
|
|
||||||
|
openssl req -passout stdin -new -x509 -keyout $SSLDIR/private/cakey.pem \
|
||||||
|
-out $SSLDIR/cacert.pem -days 3650 < $mksslc_tempfile 2>&1 || exit 1
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
rm -f $mksslc_tempfile # remove sensible data
|
||||||
|
|
||||||
|
[ "$CERTPASS" -a "$CERTCOUNTRY" -a "$CERTSTATE" -a "$CERTCITY" -a \
|
||||||
|
"$CERTORGANIZATION" -a "$CERTOU" -a "$CERTCOMMONNAME" -a "$CERTEMAIL" ] || {
|
||||||
|
echo
|
||||||
|
echo "Please enter information about the self-signed server certificate"
|
||||||
|
}
|
||||||
|
|
||||||
|
while [ ! "$CERTCOUNTRY" -o ${#CERTCOUNTRY} -ne 2 ]; do
|
||||||
|
read -p "Two-letters country code (e.g. IT) [$CACOUNTRY]: " CERTCOUNTRY
|
||||||
|
[ "$CERTCOUNTRY" ] || CERTCOUNTRY=$CACOUNTRY
|
||||||
|
done
|
||||||
|
while [ ! "$CERTSTATE" ]; do
|
||||||
|
read -p "State [$CASTATE]: " CERTSTATE
|
||||||
|
[ "$CERTSTATE" ] || CERTSTATE=$CASTATE
|
||||||
|
done
|
||||||
|
while [ ! "$CERTCITY" ]; do
|
||||||
|
read -p "City [$CACITY]: " CERTCITY
|
||||||
|
[ "$CERTCITY" ] || CERTCITY=$CACITY
|
||||||
|
done
|
||||||
|
while [ ! "$CERTORGANIZATION" ]; do
|
||||||
|
read -p "Organization [$CAORGANIZATION]: " CERTORGANIZATION
|
||||||
|
[ "$CERTORGANIZATION" ] || CERTORGANIZATION="$CAORGANIZATION"
|
||||||
|
done
|
||||||
|
while [ ! "$CERTOU" ]; do
|
||||||
|
read -p "Operational unit [$CAOU]: " CERTOU
|
||||||
|
[ "$CERTOU" ] || CERTOU=$CAOU
|
||||||
|
done
|
||||||
|
while [ ! "$CERTCOMMONNAME" ]; do
|
||||||
|
read -p "Common name [$CACOMMONNAME]: " CERTCOMMONNAME
|
||||||
|
[ "$CERTCOMMONNAME" ] || CERTCOMMONNAME=$CACOMMONNAME
|
||||||
|
done
|
||||||
|
while [ ! "$CERTEMAIL" ]; do
|
||||||
|
read -p "Email [$CAEMAIL]: " CERTEMAIL
|
||||||
|
[ "$CERTEMAIL" ] || CERTEMAIL=$CAEMAIL
|
||||||
|
done
|
||||||
|
while [ ! "$CERTPASS" -o "$CERTPASS" != "$CONFIRMPASS" ]; do
|
||||||
|
unset CERTPASS
|
||||||
|
while [ ! "$CERTPASS" ]; do read -s -p "Please enter a passphrase: " CERTPASS; echo; done
|
||||||
|
read -s -p "Please confirm the passphrase: " CONFIRMPASS
|
||||||
|
echo
|
||||||
|
done
|
||||||
|
while [ ! "$CAPASS" ]; do
|
||||||
|
read -s -p "Please, enter the CA passphrase for signing the certificate: " CAPASS
|
||||||
|
done
|
||||||
|
|
||||||
|
[ -e $SSLDIR/certs/localhost.crt ] && {
|
||||||
|
read -p "A certificate called $SSLDIR/certs/localhost.crt already exists; overwrite [y/N]?" OVERWRITE
|
||||||
|
echo
|
||||||
|
[ "$OVERWRITE" != "y" -a "$OVERWRITE" != "Y" ] && exit 0
|
||||||
|
}
|
||||||
|
|
||||||
|
# 3. Generate a key without password
|
||||||
|
openssl genrsa -out $SSLDIR/private/localhost.key >/dev/null || exit 1
|
||||||
|
|
||||||
|
# 4. Create a server certificate signing request (CSR)
|
||||||
|
echo "Creating a server certificate request (CSR)"
|
||||||
|
cat << _EOF > $mksslc_tempfile
|
||||||
|
$CERTPASS
|
||||||
|
$CERTCOUNTRY
|
||||||
|
$CERTSTATE
|
||||||
|
$CERTCITY
|
||||||
|
$CERTORGANIZATION
|
||||||
|
$CERTOU
|
||||||
|
$CERTCOMMONNAME
|
||||||
|
$CERTEMAIL
|
||||||
|
_EOF
|
||||||
|
echo "" >> $mksslc_tempfile # A challenge password
|
||||||
|
echo "" >> $mksslc_tempfile # An optional company name
|
||||||
|
|
||||||
|
openssl req -passout stdin -new -key $SSLDIR/private/localhost.key \
|
||||||
|
-out $SSLDIR/localhost.csr -days $CERTDAYS < $mksslc_tempfile >/dev/null || exit 1
|
||||||
|
|
||||||
|
rm -f $mksslc_tempfile
|
||||||
|
|
||||||
|
# 4. Sign a server certificate request
|
||||||
|
echo "Signing the certificate request"
|
||||||
|
|
||||||
|
echo "$CAPASS" > $mksslc_tempfile
|
||||||
|
echo "y" >> $mksslc_tempfile # Sign the certificate? [y/n]
|
||||||
|
echo "y" >> $mksslc_tempfile # 1 out of 1 certificate requests certified, commit?
|
||||||
|
|
||||||
|
openssl ca -days $CERTDAYS -passin stdin -policy policy_anything -out $SSLDIR/certs/localhost.crt \
|
||||||
|
-infiles $SSLDIR/localhost.csr < $mksslc_tempfile >/dev/null || exit 1
|
||||||
|
|
||||||
|
rm -f $mksslc_tempfile
|
||||||
|
|
||||||
|
exit 0
|
347
openssl101.spec
Normal file
347
openssl101.spec
Normal file
@ -0,0 +1,347 @@
|
|||||||
|
Name: openssl101
|
||||||
|
Version: 1.0.1s
|
||||||
|
Release: 2mamba
|
||||||
|
Summary: Secure Sockets Layer communications libs and utils
|
||||||
|
Group: Network/Security
|
||||||
|
Vendor: openmamba
|
||||||
|
Distribution: openmamba
|
||||||
|
Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
|
||||||
|
URL: http://www.openssl.org
|
||||||
|
Source: http://www.openssl.org/source/openssl-%{version}.tar.gz
|
||||||
|
Source1: openssl-makecerts
|
||||||
|
Patch0: openssl-1.0.1a-fix_non_ia32.patch
|
||||||
|
Patch1: openssl-1.0.1p-symbol_versioning.patch
|
||||||
|
Patch2: openssl-1.0.1s-legacy-engines-dir.patch
|
||||||
|
License: BSD
|
||||||
|
## AUTOBUILDREQ-BEGIN
|
||||||
|
BuildRequires: glibc-devel
|
||||||
|
## AUTOBUILDREQ-END
|
||||||
|
Requires: lib%{name} = %{?epoch:%epoch:}%{version}-%{release}
|
||||||
|
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
||||||
|
|
||||||
|
%description
|
||||||
|
The openssl certificate management tool and the shared libraries that provide various encryption and decription algorithms and protocols, including DES, RC4, RSA and SSL.
|
||||||
|
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
|
||||||
|
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
|
||||||
|
This product includes software written by Tim Hudson (tjh@cryptsoft.com).
|
||||||
|
|
||||||
|
%package -n lib%{name}
|
||||||
|
Summary: Library for OpenSSL
|
||||||
|
Group: System/Libraries
|
||||||
|
|
||||||
|
%description -n lib%{name}
|
||||||
|
The libraries files are needed for various cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.
|
||||||
|
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
|
||||||
|
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
|
||||||
|
This product includes software written by Tim Hudson (tjh@cryptsoft.com).
|
||||||
|
|
||||||
|
%package -n lib%{name}-devel
|
||||||
|
Summary: Library Devel for OpenSSL
|
||||||
|
Group: Development/Libraries
|
||||||
|
Requires: lib%{name} = %{version}-%{release}
|
||||||
|
|
||||||
|
%description -n lib%{name}-devel
|
||||||
|
Library symlinks and include files needed to compile apps with support for various cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.
|
||||||
|
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
|
||||||
|
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
|
||||||
|
This product includes software written by Tim Hudson (tjh@cryptsoft.com).
|
||||||
|
|
||||||
|
%package -n lib%{name}-static
|
||||||
|
Summary: OpenSSL static libraries
|
||||||
|
Group: Development/Libraries
|
||||||
|
Requires: lib%{name} = %{version}-%{release}
|
||||||
|
Requires: lib%{name}-devel = %{version}-%{release}
|
||||||
|
|
||||||
|
%description -n lib%{name}-static
|
||||||
|
Static libraries needed to compile apps with support for various cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.
|
||||||
|
|
||||||
|
%debug_package
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%setup -q -n openssl-%{version}
|
||||||
|
#%patch0 -p1
|
||||||
|
%patch1 -p1
|
||||||
|
%patch2 -p1
|
||||||
|
|
||||||
|
%build
|
||||||
|
# FIXME: --openssldir=%{_libdir}/ssl
|
||||||
|
# (FHS: no executable files should be installed in /etc)
|
||||||
|
./Configure \
|
||||||
|
%ifarch ppc
|
||||||
|
linux-ppc \
|
||||||
|
%endif
|
||||||
|
%ifarch i586
|
||||||
|
linux-elf \
|
||||||
|
%endif
|
||||||
|
%ifarch x86_64
|
||||||
|
linux-x86_64 \
|
||||||
|
enable-ec_nistp_64_gcc_128 \
|
||||||
|
%endif
|
||||||
|
%ifarch arm
|
||||||
|
linux-generic32 \
|
||||||
|
%endif
|
||||||
|
shared \
|
||||||
|
enable-md2 \
|
||||||
|
enable-ssl2 \
|
||||||
|
--prefix=%{_prefix} \
|
||||||
|
--openssldir=/etc/ssl
|
||||||
|
|
||||||
|
%ifarch ppc
|
||||||
|
sed -i "s/-m486/-march=%{_target_cpu}/g" Makefile
|
||||||
|
%endif
|
||||||
|
|
||||||
|
sed -i 's|\(.*\)chmod 644\(.*/lib/pkgconfig\)|\1chmod 755\2|' Makefile
|
||||||
|
|
||||||
|
%make -j1 CC=%{_host}-gcc MANDIR=%{_mandir}
|
||||||
|
%make -j1 CC=%{_host}-gcc rehash
|
||||||
|
|
||||||
|
#export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
|
||||||
|
%if "%{_host}" == "%{_build}"
|
||||||
|
make test
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%install
|
||||||
|
[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
|
||||||
|
make install CC=%{_host}-gcc INSTALL_PREFIX=%{buildroot} MANDIR=%{_mandir}
|
||||||
|
|
||||||
|
chmod 755 %{buildroot}%{_libdir}/pkgconfig
|
||||||
|
chmod 644 %{buildroot}%{_libdir}/pkgconfig/*.pc
|
||||||
|
|
||||||
|
mv %{buildroot}%{_mandir}/man1/passwd.* \
|
||||||
|
%{buildroot}%{_mandir}/man1/openssl-passwd.*
|
||||||
|
mv %{buildroot}%{_mandir}/man3/err.* \
|
||||||
|
%{buildroot}%{_mandir}/man3/openssl-err.*
|
||||||
|
mv %{buildroot}%{_mandir}/man3/rand.* \
|
||||||
|
%{buildroot}%{_mandir}/man3/openssl-rand.*
|
||||||
|
# rpmbuild can't correctly handle spaces in symlink names
|
||||||
|
rm -f %{buildroot}%{_mandir}/man7/Modes\ of\ DES.7
|
||||||
|
|
||||||
|
mkdir -p %{buildroot}/var/ssl/{certs,newcerts,private,crl}
|
||||||
|
touch %{buildroot}/var/ssl/index.txt
|
||||||
|
echo "01" > %{buildroot}/var/ssl/serial
|
||||||
|
|
||||||
|
sed -i "s|./demoCA|/var/ssl|" %{buildroot}/etc/ssl/openssl.cnf
|
||||||
|
|
||||||
|
rm -f %{buildroot}%{_libdir}/fips_premain.c
|
||||||
|
rm -f %{buildroot}%{_libdir}/fips_premain.c.sha1
|
||||||
|
|
||||||
|
install -m 0755 -D %{SOURCE1} %{buildroot}%{_sbindir}/openssl-makecerts
|
||||||
|
|
||||||
|
%clean
|
||||||
|
[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
|
||||||
|
|
||||||
|
%post -p /sbin/ldconfig
|
||||||
|
%postun -p /sbin/ldconfig
|
||||||
|
|
||||||
|
%files
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%config(noreplace) %{_sysconfdir}/ssl/openssl.cnf
|
||||||
|
%dir %{_sysconfdir}/ssl/private
|
||||||
|
%{_sysconfdir}/ssl/misc
|
||||||
|
%{_bindir}/c_rehash
|
||||||
|
#%{_bindir}/fipsld
|
||||||
|
%{_bindir}/openssl
|
||||||
|
%{_sbindir}/openssl-makecerts
|
||||||
|
#%{_bindir}/openssl_fips_fingerprint
|
||||||
|
%{_mandir}/man1/*
|
||||||
|
%{_mandir}/man5/*
|
||||||
|
%{_mandir}/man7/*
|
||||||
|
%dir /var/ssl
|
||||||
|
%dir /var/ssl/certs
|
||||||
|
%dir /var/ssl/crl
|
||||||
|
%dir /var/ssl/newcerts
|
||||||
|
%dir %attr(0700,root,root) /var/ssl/private
|
||||||
|
%config(noreplace) /var/ssl/index.txt
|
||||||
|
%config(noreplace) /var/ssl/serial
|
||||||
|
|
||||||
|
%files -n lib%{name}
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%{_libdir}/libcrypto.so.*
|
||||||
|
%{_libdir}/libssl.so.*
|
||||||
|
%{_libdir}/openssl-1.0.1/engines/lib*.so
|
||||||
|
%doc LICENSE
|
||||||
|
|
||||||
|
%files -n lib%{name}-devel
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%dir %{_includedir}/openssl
|
||||||
|
%{_includedir}/openssl/*
|
||||||
|
%{_libdir}/*.so
|
||||||
|
%{_libdir}/pkgconfig/libcrypto.pc
|
||||||
|
%{_libdir}/pkgconfig/libssl.pc
|
||||||
|
%{_libdir}/pkgconfig/openssl.pc
|
||||||
|
%{_mandir}/man3/*
|
||||||
|
#%doc CHANGES* FAQ NEWS PROBLEMS README*
|
||||||
|
|
||||||
|
%files -n lib%{name}-static
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%{_libdir}/*.a
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Sat Apr 30 2016 Silvan Calarco <silvan.calarco@mambasoft.it> 1.0.1s-2mamba
|
||||||
|
- rebuilt with enable-ssl2
|
||||||
|
|
||||||
|
* Sat Apr 30 2016 Silvan Calarco <silvan.calarco@mambasoft.it> 1.0.1s-1mamba
|
||||||
|
- update to 1.0.1s
|
||||||
|
- legacy package
|
||||||
|
|
||||||
|
* Sun Aug 16 2015 Silvan Calarco <silvan.calarco@mambasoft.it> 1.0.1p-1mamba
|
||||||
|
- update to 1.0.1p
|
||||||
|
|
||||||
|
* Fri Jan 16 2015 Automatic Build System <autodist@mambasoft.it> 1.0.1l-1mamba
|
||||||
|
- automatic version update by autodist
|
||||||
|
|
||||||
|
* Fri Jan 09 2015 Automatic Build System <autodist@mambasoft.it> 1.0.1k-1mamba
|
||||||
|
- automatic version update by autodist
|
||||||
|
|
||||||
|
* Thu Oct 16 2014 Automatic Build System <autodist@mambasoft.it> 1.0.1j-1mamba
|
||||||
|
- automatic version update by autodist
|
||||||
|
|
||||||
|
* Thu Aug 07 2014 Automatic Build System <autodist@mambasoft.it> 1.0.1i-1mamba
|
||||||
|
- automatic version update by autodist
|
||||||
|
|
||||||
|
* Sat Jul 26 2014 Silvan Calarco <silvan.calarco@mambasoft.it> 1.0.1h-2mamba
|
||||||
|
- x86_64: rebuild with enable-ec_nistp_64_gcc_128 as suggested by tor
|
||||||
|
|
||||||
|
* Fri Jun 06 2014 Automatic Build System <autodist@mambasoft.it> 1.0.1h-1mamba
|
||||||
|
- automatic version update by autodist
|
||||||
|
|
||||||
|
* Tue Apr 08 2014 Automatic Build System <autodist@mambasoft.it> 1.0.1g-1mamba
|
||||||
|
- automatic version update by autodist
|
||||||
|
|
||||||
|
* Sun Feb 09 2014 Automatic Build System <autodist@mambasoft.it> 1.0.1f-1mamba
|
||||||
|
- automatic version update by autodist
|
||||||
|
|
||||||
|
* Fri Nov 15 2013 Silvan Calarco <silvan.calarco@mambasoft.it> 1.0.1e-3mamba
|
||||||
|
- added openssl-static subpackage
|
||||||
|
|
||||||
|
* Thu Jun 27 2013 Silvan Calarco <silvan.calarco@mambasoft.it> 1.0.1e-2mamba
|
||||||
|
- man and doc pages moved to appropriate subpackage
|
||||||
|
- don't provide 1.0.0 lib compatibility links (use now openssl100 legacy package)
|
||||||
|
|
||||||
|
* Tue Feb 12 2013 Automatic Build System <autodist@mambasoft.it> 1.0.1e-1mamba
|
||||||
|
- automatic version update by autodist
|
||||||
|
|
||||||
|
* Fri Feb 08 2013 Automatic Build System <autodist@mambasoft.it> 1.0.1d-1mamba
|
||||||
|
- automatic version update by autodist
|
||||||
|
|
||||||
|
* Mon Jul 02 2012 Silvan Calarco <silvan.calarco@mambasoft.it> 1.0.1c-2mamba
|
||||||
|
- addded patch to enable symbol versioning
|
||||||
|
|
||||||
|
* Sat May 12 2012 Automatic Build System <autodist@mambasoft.it> 1.0.1c-1mamba
|
||||||
|
- automatic version update by autodist
|
||||||
|
|
||||||
|
* Fri Apr 20 2012 Automatic Build System <autodist@mambasoft.it> 1.0.1a-1mamba
|
||||||
|
- automatic version update by autodist
|
||||||
|
|
||||||
|
* Thu Mar 15 2012 Automatic Build System <autodist@mambasoft.it> 1.0.1-1mamba
|
||||||
|
- automatic version update by autodist
|
||||||
|
|
||||||
|
* Tue Mar 13 2012 Automatic Build System <autodist@mambasoft.it> 1.0.0h-1mamba
|
||||||
|
- automatic version update by autodist
|
||||||
|
|
||||||
|
* Thu Jan 19 2012 Automatic Build System <autodist@mambasoft.it> 1.0.0g-1mamba
|
||||||
|
- automatic version update by autodist
|
||||||
|
|
||||||
|
* Thu Jan 05 2012 Automatic Build System <autodist@mambasoft.it> 1.0.0f-1mamba
|
||||||
|
- automatic version update by autodist
|
||||||
|
|
||||||
|
* Tue Sep 06 2011 Automatic Build System <autodist@mambasoft.it> 1.0.0e-1mamba
|
||||||
|
- automatic version update by autodist
|
||||||
|
|
||||||
|
* Mon Mar 14 2011 Silvan Calarco <silvan.calarco@mambasoft.it> 1.0.0d-2mamba
|
||||||
|
- rebuilt with debug package
|
||||||
|
|
||||||
|
* Wed Feb 09 2011 Automatic Build System <autodist@mambasoft.it> 1.0.0d-1mamba
|
||||||
|
- automatic update by autodist
|
||||||
|
|
||||||
|
* Mon Dec 06 2010 Automatic Build System <autodist@mambasoft.it> 1.0.0c-1mamba
|
||||||
|
- automatic update to 1.0.0c by autodist
|
||||||
|
|
||||||
|
* Fri Jul 02 2010 Davide Madrisan <davide.madrisan@gmail.com> 1.0.0a-2mamba
|
||||||
|
- enable md2 support
|
||||||
|
|
||||||
|
* Wed Jun 02 2010 Automatic Build System <autodist@mambasoft.it> 1.0.0a-1mamba
|
||||||
|
- automatic update to 1.0.0a by autodist
|
||||||
|
|
||||||
|
* Tue Mar 30 2010 Automatic Build System <autodist@mambasoft.it> 1.0.0-1mamba
|
||||||
|
- automatic update to 1.0.0 by autodist
|
||||||
|
|
||||||
|
* Mon Mar 29 2010 Automatic Build System <autodist@mambasoft.it> 0.9.8n-1mamba
|
||||||
|
- automatic update to 0.9.8n by autodist
|
||||||
|
|
||||||
|
* Tue Mar 23 2010 Silvan Calarco <silvan.calarco@mambasoft.it> 0.9.8m-2mamba
|
||||||
|
- move /etc/ssl/misc to openssl package
|
||||||
|
- removed build requirement for perl
|
||||||
|
- add support for arm target
|
||||||
|
|
||||||
|
* Fri Feb 26 2010 Automatic Build System <autodist@mambasoft.it> 0.9.8m-1mamba
|
||||||
|
- automatic update to 0.9.8m by autodist
|
||||||
|
|
||||||
|
* Wed Nov 18 2009 Automatic Build System <autodist@mambasoft.it> 0.9.8l-1mamba
|
||||||
|
- automatic update to 0.9.8l by autodist
|
||||||
|
|
||||||
|
* Fri Mar 27 2009 Silvan Calarco <silvan.calarco@mambasoft.it> 0.9.8k-1mamba
|
||||||
|
- automatic update to 0.9.8k by autodist
|
||||||
|
|
||||||
|
* Wed Jan 07 2009 Silvan Calarco <silvan.calarco@mambasoft.it> 0.9.8j-1mamba
|
||||||
|
- automatic update to 0.9.8j by autodist
|
||||||
|
|
||||||
|
* Sat Oct 04 2008 Silvan Calarco <silvan.calarco@mambasoft.it> 0.9.8i-2mamba
|
||||||
|
- libopenssl-devel: obsolete libopenssl097-devel
|
||||||
|
- set 700 permission to /var/ssl/private directory
|
||||||
|
|
||||||
|
* Tue Sep 16 2008 Silvan Calarco <silvan.calarco@mambasoft.it> 0.9.8i-1mamba
|
||||||
|
- automatic update to 0.9.8i by autodist
|
||||||
|
|
||||||
|
* Tue Jun 17 2008 Silvan Calarco <silvan.calarco@mambasoft.it> 0.9.8h-1mamba
|
||||||
|
- update to 0.9.8h
|
||||||
|
|
||||||
|
* Fri Mar 14 2008 Silvan Calarco <silvan.calarco@mambasoft.it> 0.9.8g-3mamba
|
||||||
|
- added openssl-makecerts script for creating a CA and a self-signed certificate
|
||||||
|
|
||||||
|
* Mon Dec 31 2007 Aleph0 <aleph0@openmamba.org> 0.9.8g-2mamba
|
||||||
|
- fix permissions of .pc files
|
||||||
|
|
||||||
|
* Sun Nov 18 2007 Silvan Calarco <silvan.calarco@mambasoft.it> 0.9.8g-1mamba
|
||||||
|
- update to 0.9.8g
|
||||||
|
|
||||||
|
* Wed Sep 06 2006 Davide Madrisan <davide.madrisan@qilinux.it> 0.9.7k-1qilnx
|
||||||
|
- update to version 0.9.7k by autospec
|
||||||
|
- also fixes CAN-2006-4339 (bugzilla#230)
|
||||||
|
|
||||||
|
* Fri Oct 14 2005 Davide Madrisan <davide.madrisan@qilinux.it> 0.9.7h-1qilnx
|
||||||
|
- update to version 0.9.7h by autospec
|
||||||
|
- also fixes the security issue QSA-2005-119 (CAN-2005-2969)
|
||||||
|
- patches removed (merget upstream)
|
||||||
|
|
||||||
|
* Wed Jul 27 2005 Davide Madrisan <davide.madrisan@qilinux.it> 0.9.7e-2qilnx
|
||||||
|
- fix security issue QSA-2005-083 (CAN-2005-0109)
|
||||||
|
- do not create a broken link to the libfips library (p0)
|
||||||
|
see http://www.mail-archive.com/openssl-dev%40openssl.org/msg18268.html
|
||||||
|
|
||||||
|
* Tue Dec 14 2004 Davide Madrisan <davide.madrisan@qilinux.it> 0.9.7e-1qilnx
|
||||||
|
- update to version 0.9.7e by autospec
|
||||||
|
- fix security issue QSA-2004-062 (CAN-2004-0975)
|
||||||
|
- added documentation
|
||||||
|
|
||||||
|
* Thu Mar 18 2004 Davide Madrisan <davide.madrisan@qilinux.it> 0.9.7d-1qilnx
|
||||||
|
- security fix release (CAN-2004-0079, CAN-2004-0112)
|
||||||
|
|
||||||
|
* Mon Jan 19 2004 Davide Madrisan <davide.madrisan@qilinux.it> 0.9.7c-2qilnx
|
||||||
|
- specfile fixes
|
||||||
|
|
||||||
|
* Wed Oct 01 2003 Davide Madrisan <davide.madrisan@qilinux.it> 0.9.7c-1qilnx
|
||||||
|
- rebuilt with new version (important security bugfixes)
|
||||||
|
|
||||||
|
* Fri Jul 25 2003 Silvan Calarco <silvan.calarco@qinet.it> 0.9.7b-4qilnx
|
||||||
|
- configured so that certificates are by default under /var/ssl
|
||||||
|
|
||||||
|
* Wed Jun 18 2003 Silvan Calarco <silvan.calarco@qinet.it> 0.9.7b-3qilnx
|
||||||
|
- rebuilt against gcc 3.2.3
|
||||||
|
- files correctly redistributed beetwen main and devel package
|
||||||
|
|
||||||
|
* Wed Apr 30 2003 Silvan Calarco <silvan.calarco@qinet.it>
|
||||||
|
- err, rand and passwd manpages renamed to openssl-* to avoid conflicts with other versions
|
||||||
|
|
||||||
|
* Tue Apr 16 2003 Luca Tinelli <luca.tinelli@qinet.it>
|
||||||
|
- first build
|
Loading…
Reference in New Issue
Block a user