Group :: Segurança/Rede
RPM: LibreSSL
Main Changelog Spec Patches Sources Download Gear Bugs e FR Repocop
Patch: 0009-ALT-TLS_DEFAULT_CA_FILE-and-cert.pem.patch
Download
Download
From 4f387fa81a27db4746765629bb7edbec24f55644 Mon Sep 17 00:00:00 2001
From: "Vladimir D. Seleznev" <vseleznv@altlinux.org>
Date: Mon, 17 Jan 2022 17:44:21 +0000
Subject: [PATCH] ALT: TLS_DEFAULT_CA_FILE and cert.pem
---
libressl/Makefile.am | 6 +++---
libressl/Makefile.in | 6 +++---
libressl/tls/Makefile.am | 6 +-----
libressl/tls/Makefile.in | 4 ++--
libressl/tls/tls_internal.h | 2 +-
5 files changed, 10 insertions(+), 14 deletions(-)
diff --git a/libressl/Makefile.am b/libressl/Makefile.am
index 98d95f8..b8d15ea 100644
--- a/libressl/Makefile.am
+++ b/libressl/Makefile.am
@@ -12,7 +12,7 @@ endif
EXTRA_DIST = README.md README.windows VERSION config scripts
EXTRA_DIST += CMakeLists.txt cmake_export_symbol.cmake cmake_uninstall.cmake.in FindLibreSSL.cmake
-EXTRA_DIST += cert.pem openssl.cnf x509v3.cnf
+EXTRA_DIST += openssl.cnf x509v3.cnf
.PHONY: install_sw
install_sw: install
@@ -24,7 +24,7 @@ install-exec-hook:
OPENSSLDIR="$(DESTDIR)$(sysconfdir)/libressl"; \
fi; \
mkdir -p "$$OPENSSLDIR/certs"; \
- for i in cert.pem openssl.cnf x509v3.cnf; do \
+ for i in openssl.cnf x509v3.cnf; do \
if [ ! -f "$$OPENSSLDIR/$i" ]; then \
$(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \
else \
@@ -38,7 +38,7 @@ uninstall-local:
else \
OPENSSLDIR="$(DESTDIR)$(sysconfdir)/libressl"; \
fi; \
- for i in cert.pem openssl.cnf x509v3.cnf; do \
+ for i in openssl.cnf x509v3.cnf; do \
if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \
rm -f "$$OPENSSLDIR/$$i"; \
fi \
diff --git a/libressl/Makefile.in b/libressl/Makefile.in
index 463b17a..31ac03e 100644
--- a/libressl/Makefile.in
+++ b/libressl/Makefile.in
@@ -374,7 +374,7 @@ pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = libtls.pc $(am__append_2)
EXTRA_DIST = README.md README.windows VERSION config scripts \
CMakeLists.txt cmake_export_symbol.cmake \
- cmake_uninstall.cmake.in FindLibreSSL.cmake cert.pem \
+ cmake_uninstall.cmake.in FindLibreSSL.cmake \
openssl.cnf x509v3.cnf
all: all-recursive
@@ -896,7 +896,7 @@ install-exec-hook:
OPENSSLDIR="$(DESTDIR)$(sysconfdir)/libressl"; \
fi; \
mkdir -p "$$OPENSSLDIR/certs"; \
- for i in cert.pem openssl.cnf x509v3.cnf; do \
+ for i in openssl.cnf x509v3.cnf; do \
if [ ! -f "$$OPENSSLDIR/$i" ]; then \
$(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \
else \
@@ -910,7 +910,7 @@ uninstall-local:
else \
OPENSSLDIR="$(DESTDIR)$(sysconfdir)/libressl"; \
fi; \
- for i in cert.pem openssl.cnf x509v3.cnf; do \
+ for i in openssl.cnf x509v3.cnf; do \
if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \
rm -f "$$OPENSSLDIR/$$i"; \
fi \
diff --git a/libressl/tls/Makefile.am b/libressl/tls/Makefile.am
index 5c8c3f3..69be22f 100644
--- a/libressl/tls/Makefile.am
+++ b/libressl/tls/Makefile.am
@@ -31,11 +31,7 @@ libtls_la_LIBADD += $(libssl_la_objects)
libtls_la_LIBADD += $(PLATFORM_LDADD)
libtls_la_CPPFLAGS = $(AM_CPPFLAGS)
-if OPENSSLDIR_DEFINED
-libtls_la_CPPFLAGS += -DTLS_DEFAULT_CA_FILE=\"@OPENSSLDIR@/cert.pem\"
-else
-libtls_la_CPPFLAGS += -DTLS_DEFAULT_CA_FILE=\"$(sysconfdir)/libressl/cert.pem\"
-endif
+libtls_la_CPPFLAGS += -DTLS_DEFAULT_CA_FILE=\"/var/lib/libressl/cert.pem\"
libtls_la_SOURCES = tls.c
libtls_la_SOURCES += tls_client.c
diff --git a/libressl/tls/Makefile.in b/libressl/tls/Makefile.in
index 7f4ee76..07085c3 100644
--- a/libressl/tls/Makefile.in
+++ b/libressl/tls/Makefile.in
@@ -89,8 +89,8 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-@OPENSSLDIR_DEFINED_TRUE@am__append_1 = -DTLS_DEFAULT_CA_FILE=\"@OPENSSLDIR@/cert.pem\"
-@OPENSSLDIR_DEFINED_FALSE@am__append_2 = -DTLS_DEFAULT_CA_FILE=\"$(sysconfdir)/libressl/cert.pem\"
+@OPENSSLDIR_DEFINED_TRUE@am__append_1 = -DTLS_DEFAULT_CA_FILE=\"/var/lib/libressl/cert.pem\"
+@OPENSSLDIR_DEFINED_FALSE@am__append_2 = -DTLS_DEFAULT_CA_FILE=\"/var/lib/libressl/cert.pem\"
@HOST_WIN_TRUE@am__append_3 = compat/ftruncate.c compat/pread.c \
@HOST_WIN_TRUE@ compat/pwrite.c
subdir = tls
diff --git a/libressl/tls/tls_internal.h b/libressl/tls/tls_internal.h
index 8a9f23b..bd9b441 100644
--- a/libressl/tls/tls_internal.h
+++ b/libressl/tls/tls_internal.h
@@ -29,7 +29,7 @@
__BEGIN_HIDDEN_DECLS
#ifndef TLS_DEFAULT_CA_FILE
-#define TLS_DEFAULT_CA_FILE "/etc/libressl/cert.pem"
+#define TLS_DEFAULT_CA_FILE "/var/lib/libressl/cert.pem"
#endif
#define TLS_CIPHERS_DEFAULT "TLSv1.3:TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"
--
2.33.7