rpms/openssl/devel Makefile.certificate, 1.2, 1.3 openssl.spec, 1.49, 1.50

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Mar 30 10:52:24 UTC 2005


Update of /cvs/dist/rpms/openssl/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv10869

Modified Files:
	Makefile.certificate openssl.spec 
Log Message:
- added support for changing serial number to
  Makefile.certificate (#151188)
- make ca-bundle.crt a config file (#118903)



Index: Makefile.certificate
===================================================================
RCS file: /cvs/dist/rpms/openssl/devel/Makefile.certificate,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- Makefile.certificate	10 Feb 2005 09:26:39 -0000	1.2
+++ Makefile.certificate	30 Mar 2005 10:52:21 -0000	1.3
@@ -1,4 +1,5 @@
 UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8)
+SERIAL=0
 
 .PHONY: usage
 .SUFFIXES: .key .csr .crt .pem
@@ -19,6 +20,8 @@
 	@echo "To create a CSR for use with Apache, run \"make certreq\"."
 	@echo "To create a test certificate for use with Apache, run \"make testcert\"."
 	@echo
+	@echo "To create a test certificate with serial number other than zero, add SERIAL=num"
+	@echo
 	@echo Examples:
 	@echo "  make server.key"
 	@echo "  make server.csr"
@@ -27,12 +30,15 @@
 	@echo "  make genkey"
 	@echo "  make certreq"
 	@echo "  make testcert"
+	@echo "  make server.crt SERIAL=1"
+	@echo "  make stunnel.pem SERIAL=2"
+	@echo "  make testcert SERIAL=3"
 
 %.pem:
 	umask 77 ; \
 	PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
 	PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
-	/usr/bin/openssl req $(UTF8) -newkey rsa:1024 -keyout $$PEM1 -nodes -x509 -days 365 -out $$PEM2 ; \
+	/usr/bin/openssl req $(UTF8) -newkey rsa:1024 -keyout $$PEM1 -nodes -x509 -days 365 -out $$PEM2 -set_serial $(SERIAL) ; \
 	cat $$PEM1 >  $@ ; \
 	echo ""    >> $@ ; \
 	cat $$PEM2 >> $@ ; \
@@ -48,7 +54,7 @@
 
 %.crt: %.key
 	umask 77 ; \
-	/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days 365 -out $@
+	/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days 365 -out $@ -set_serial $(SERIAL)
 
 KEY=/etc/httpd/conf/ssl.key/server.key
 CSR=/etc/httpd/conf/ssl.csr/server.csr
@@ -64,4 +70,4 @@
 
 $(CRT): $(KEY)
 	umask 77 ; \
-	/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days 365 -out $(CRT)
+	/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days 365 -out $(CRT) -set_serial $(SERIAL)


Index: openssl.spec
===================================================================
RCS file: /cvs/dist/rpms/openssl/devel/openssl.spec,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -r1.49 -r1.50
--- openssl.spec	30 Mar 2005 09:14:37 -0000	1.49
+++ openssl.spec	30 Mar 2005 10:52:21 -0000	1.50
@@ -345,6 +345,7 @@
 %{_datadir}/ssl/private
 
 %config(noreplace) %{_datadir}/ssl/openssl.cnf
+%config %{_datadir}/ssl/certs/ca-bundle.crt
 
 %attr(0755,root,root) %{_bindir}/openssl
 %attr(0755,root,root) /%{_lib}/*.so.%{version}
@@ -381,11 +382,13 @@
 
 %changelog
 * Wed Mar 30 2005 Tomas Mraz <trmaz at redhat.com> 0.9.7f-1
-- reenable optimizations on ppc64
-- enable assembly code on ia64
+- reenable optimizations on ppc64 and assembly code on ia64
 - upgrade to new upstream version (no soname bump needed)
 - disable thread test - it was testing the backport of the
   RSA blinding - no longer needed
+- added support for changing serial number to 
+  Makefile.certificate (#151188)
+- make ca-bundle.crt a config file (#118903)
 
 * Tue Mar  1 2005 Tomas Mraz <tmraz at redhat.com> 0.9.7e-3
 - libcrypto shouldn't depend on libkrb5 (#135961)




More information about the fedora-cvs-commits mailing list