diff --git a/Makefile.certificate b/Makefile.certificate index e70ce25..614db0e 100644 --- a/Makefile.certificate +++ b/Makefile.certificate @@ -1,4 +1,5 @@ UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8) +SERIAL=0 .PHONY: usage .SUFFIXES: .key .csr .crt .pem @@ -19,6 +20,8 @@ usage: @echo "To create a CSR for use with Apache, run \"make certreq\"." @echo "To create a test certificate for use with Apache, run \"make testcert\"." @echo + @echo "To create a test certificate with serial number other than zero, add SERIAL=num" + @echo @echo Examples: @echo " make server.key" @echo " make server.csr" @@ -27,12 +30,15 @@ usage: @echo " make genkey" @echo " make certreq" @echo " make testcert" + @echo " make server.crt SERIAL=1" + @echo " make stunnel.pem SERIAL=2" + @echo " make testcert SERIAL=3" %.pem: umask 77 ; \ PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \ PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \ - /usr/bin/openssl req $(UTF8) -newkey rsa:1024 -keyout $$PEM1 -nodes -x509 -days 365 -out $$PEM2 ; \ + /usr/bin/openssl req $(UTF8) -newkey rsa:1024 -keyout $$PEM1 -nodes -x509 -days 365 -out $$PEM2 -set_serial $(SERIAL) ; \ cat $$PEM1 > $@ ; \ echo "" >> $@ ; \ cat $$PEM2 >> $@ ; \ @@ -48,7 +54,7 @@ usage: %.crt: %.key umask 77 ; \ - /usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days 365 -out $@ + /usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days 365 -out $@ -set_serial $(SERIAL) KEY=/etc/httpd/conf/ssl.key/server.key CSR=/etc/httpd/conf/ssl.csr/server.csr @@ -64,4 +70,4 @@ $(CSR): $(KEY) $(CRT): $(KEY) umask 77 ; \ - /usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days 365 -out $(CRT) + /usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days 365 -out $(CRT) -set_serial $(SERIAL) diff --git a/openssl.spec b/openssl.spec index 3ac6cca..30f9b65 100644 --- a/openssl.spec +++ b/openssl.spec @@ -345,6 +345,7 @@ popd %{_datadir}/ssl/private %config(noreplace) %{_datadir}/ssl/openssl.cnf +%config %{_datadir}/ssl/certs/ca-bundle.crt %attr(0755,root,root) %{_bindir}/openssl %attr(0755,root,root) /%{_lib}/*.so.%{version} @@ -381,11 +382,13 @@ popd %changelog * Wed Mar 30 2005 Tomas Mraz 0.9.7f-1 -- reenable optimizations on ppc64 -- enable assembly code on ia64 +- reenable optimizations on ppc64 and assembly code on ia64 - upgrade to new upstream version (no soname bump needed) - disable thread test - it was testing the backport of the RSA blinding - no longer needed +- added support for changing serial number to + Makefile.certificate (#151188) +- make ca-bundle.crt a config file (#118903) * Tue Mar 1 2005 Tomas Mraz 0.9.7e-3 - libcrypto shouldn't depend on libkrb5 (#135961)