Репозиторий Sisyphus
Последнее обновление: 1 октября 2023 | Пакетов: 18631 | Посещений: 37048609
en ru br
Репозитории ALT

Группа :: Безопасность/Сети
Пакет: LibreSSL

 Главная   Изменения   Спек   Патчи   Sources   Загрузить   Gear   Bugs and FR  Repocop 

Патч: 0009-ALT-TLS_DEFAULT_CA_FILE-and-cert.pem.patch
Скачать


From 4f387fa81a27db4746765629bb7edbec24f55644 Mon Sep 17 00:00:00 2001
From: "Vladimir D. Seleznev" <vseleznv@altlinux.org>
Date: Mon, 17 Jan 2022 17:44:21 +0000
Subject: [PATCH] ALT: TLS_DEFAULT_CA_FILE and cert.pem
---
 libressl/Makefile.am        | 6 +++---
 libressl/Makefile.in        | 6 +++---
 libressl/tls/Makefile.am    | 6 +-----
 libressl/tls/Makefile.in    | 4 ++--
 libressl/tls/tls_internal.h | 2 +-
 5 files changed, 10 insertions(+), 14 deletions(-)
diff --git a/libressl/Makefile.am b/libressl/Makefile.am
index 98d95f8..b8d15ea 100644
--- a/libressl/Makefile.am
+++ b/libressl/Makefile.am
@@ -12,7 +12,7 @@ endif
 
 EXTRA_DIST = README.md README.windows VERSION config scripts
 EXTRA_DIST += CMakeLists.txt cmake_export_symbol.cmake cmake_uninstall.cmake.in FindLibreSSL.cmake
-EXTRA_DIST += cert.pem openssl.cnf x509v3.cnf
+EXTRA_DIST += openssl.cnf x509v3.cnf
 
 .PHONY: install_sw
 install_sw: install
@@ -24,7 +24,7 @@ install-exec-hook:
 		OPENSSLDIR="$(DESTDIR)$(sysconfdir)/libressl"; \
 	fi; \
 	mkdir -p "$$OPENSSLDIR/certs"; \
-	for i in cert.pem openssl.cnf x509v3.cnf; do \
+	for i in openssl.cnf x509v3.cnf; do \
 		if [ ! -f "$$OPENSSLDIR/$i" ]; then \
 			$(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \
 		else \
@@ -38,7 +38,7 @@ uninstall-local:
 	else \
 		OPENSSLDIR="$(DESTDIR)$(sysconfdir)/libressl"; \
 	fi; \
-	for i in cert.pem openssl.cnf x509v3.cnf; do \
+	for i in openssl.cnf x509v3.cnf; do \
 		if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \
 			rm -f "$$OPENSSLDIR/$$i"; \
 		fi \
diff --git a/libressl/Makefile.in b/libressl/Makefile.in
index 463b17a..31ac03e 100644
--- a/libressl/Makefile.in
+++ b/libressl/Makefile.in
@@ -374,7 +374,7 @@ pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libtls.pc $(am__append_2)
 EXTRA_DIST = README.md README.windows VERSION config scripts \
 	CMakeLists.txt cmake_export_symbol.cmake \
-	cmake_uninstall.cmake.in FindLibreSSL.cmake cert.pem \
+	cmake_uninstall.cmake.in FindLibreSSL.cmake \
 	openssl.cnf x509v3.cnf
 all: all-recursive
 
@@ -896,7 +896,7 @@ install-exec-hook:
 		OPENSSLDIR="$(DESTDIR)$(sysconfdir)/libressl"; \
 	fi; \
 	mkdir -p "$$OPENSSLDIR/certs"; \
-	for i in cert.pem openssl.cnf x509v3.cnf; do \
+	for i in openssl.cnf x509v3.cnf; do \
 		if [ ! -f "$$OPENSSLDIR/$i" ]; then \
 			$(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \
 		else \
@@ -910,7 +910,7 @@ uninstall-local:
 	else \
 		OPENSSLDIR="$(DESTDIR)$(sysconfdir)/libressl"; \
 	fi; \
-	for i in cert.pem openssl.cnf x509v3.cnf; do \
+	for i in openssl.cnf x509v3.cnf; do \
 		if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \
 			rm -f "$$OPENSSLDIR/$$i"; \
 		fi \
diff --git a/libressl/tls/Makefile.am b/libressl/tls/Makefile.am
index 5c8c3f3..69be22f 100644
--- a/libressl/tls/Makefile.am
+++ b/libressl/tls/Makefile.am
@@ -31,11 +31,7 @@ libtls_la_LIBADD += $(libssl_la_objects)
 libtls_la_LIBADD += $(PLATFORM_LDADD)
 
 libtls_la_CPPFLAGS = $(AM_CPPFLAGS)
-if OPENSSLDIR_DEFINED
-libtls_la_CPPFLAGS += -DTLS_DEFAULT_CA_FILE=\"@OPENSSLDIR@/cert.pem\"
-else
-libtls_la_CPPFLAGS += -DTLS_DEFAULT_CA_FILE=\"$(sysconfdir)/libressl/cert.pem\"
-endif
+libtls_la_CPPFLAGS += -DTLS_DEFAULT_CA_FILE=\"/var/lib/libressl/cert.pem\"
 
 libtls_la_SOURCES = tls.c
 libtls_la_SOURCES += tls_client.c
diff --git a/libressl/tls/Makefile.in b/libressl/tls/Makefile.in
index 7f4ee76..07085c3 100644
--- a/libressl/tls/Makefile.in
+++ b/libressl/tls/Makefile.in
@@ -89,8 +89,8 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-@OPENSSLDIR_DEFINED_TRUE@am__append_1 = -DTLS_DEFAULT_CA_FILE=\"@OPENSSLDIR@/cert.pem\"
-@OPENSSLDIR_DEFINED_FALSE@am__append_2 = -DTLS_DEFAULT_CA_FILE=\"$(sysconfdir)/libressl/cert.pem\"
+@OPENSSLDIR_DEFINED_TRUE@am__append_1 = -DTLS_DEFAULT_CA_FILE=\"/var/lib/libressl/cert.pem\"
+@OPENSSLDIR_DEFINED_FALSE@am__append_2 = -DTLS_DEFAULT_CA_FILE=\"/var/lib/libressl/cert.pem\"
 @HOST_WIN_TRUE@am__append_3 = compat/ftruncate.c compat/pread.c \
 @HOST_WIN_TRUE@	compat/pwrite.c
 subdir = tls
diff --git a/libressl/tls/tls_internal.h b/libressl/tls/tls_internal.h
index 8a9f23b..bd9b441 100644
--- a/libressl/tls/tls_internal.h
+++ b/libressl/tls/tls_internal.h
@@ -29,7 +29,7 @@
 __BEGIN_HIDDEN_DECLS
 
 #ifndef TLS_DEFAULT_CA_FILE
-#define TLS_DEFAULT_CA_FILE 	"/etc/libressl/cert.pem"
+#define TLS_DEFAULT_CA_FILE 	"/var/lib/libressl/cert.pem"
 #endif
 
 #define TLS_CIPHERS_DEFAULT	"TLSv1.3:TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"
-- 
2.33.7
 
дизайн и разработка: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
текущий майнтейнер: Michael Shigorin