|
Bernhard M. Wiedemann |
514c2a |
Index: openssl-1.1.1s/Configurations/unix-Makefile.tmpl
|
|
Bernhard M. Wiedemann |
514c2a |
===================================================================
|
|
Bernhard M. Wiedemann |
514c2a |
--- openssl-1.1.1s.orig/Configurations/unix-Makefile.tmpl
|
|
Bernhard M. Wiedemann |
514c2a |
+++ openssl-1.1.1s/Configurations/unix-Makefile.tmpl
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -140,8 +140,8 @@ INSTALL_SHLIB_INFO={- join(" ", map { "\
|
|
Bernhard M. Wiedemann |
514c2a |
INSTALL_ENGINES={- join(" ", map { dso($_) } @{$unified_info{install}->{engines}}) -}
|
|
Bernhard M. Wiedemann |
514c2a |
INSTALL_PROGRAMS={- join(" ", map { $_.$exeext } @{$unified_info{install}->{programs}}) -}
|
|
Bernhard M. Wiedemann |
514c2a |
{- output_off() if $disabled{apps}; "" -}
|
|
Bernhard M. Wiedemann |
514c2a |
-BIN_SCRIPTS=$(BLDDIR)/tools/c_rehash
|
|
Bernhard M. Wiedemann |
514c2a |
-MISC_SCRIPTS=$(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget.pl:tsget
|
|
Bernhard M. Wiedemann |
514c2a |
+BIN_SCRIPTS=$(BLDDIR)/tools/c_rehash-1_1
|
|
Bernhard M. Wiedemann |
514c2a |
+MISC_SCRIPTS=$(BLDDIR)/apps/CA-1_1.pl $(BLDDIR)/apps/tsget-1_1.pl:tsget-1_1
|
|
Bernhard M. Wiedemann |
514c2a |
{- output_on() if $disabled{apps}; "" -}
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
APPS_OPENSSL={- use File::Spec::Functions;
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -579,14 +579,14 @@ install_ssldirs:
|
|
Bernhard M. Wiedemann |
514c2a |
: {- output_on() if windowsdll(); "" -}; \
|
|
Bernhard M. Wiedemann |
514c2a |
fi; \
|
|
Bernhard M. Wiedemann |
514c2a |
done
|
|
Bernhard M. Wiedemann |
514c2a |
- @$(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist"
|
|
Bernhard M. Wiedemann |
514c2a |
- @cp $(SRCDIR)/apps/openssl.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new"
|
|
Bernhard M. Wiedemann |
514c2a |
- @chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new"
|
|
Bernhard M. Wiedemann |
514c2a |
- @mv -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new" "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist"
|
|
Bernhard M. Wiedemann |
514c2a |
- @if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf" ]; then \
|
|
Bernhard M. Wiedemann |
514c2a |
- $(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \
|
|
Bernhard M. Wiedemann |
514c2a |
- cp $(SRCDIR)/apps/openssl.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \
|
|
Bernhard M. Wiedemann |
514c2a |
- chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \
|
|
Bernhard M. Wiedemann |
514c2a |
+ @$(ECHO) "install $(SRCDIR)/apps/openssl-1_1.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf.dist"
|
|
Bernhard M. Wiedemann |
514c2a |
+ @cp $(SRCDIR)/apps/openssl-1_1.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf.new"
|
|
Bernhard M. Wiedemann |
514c2a |
+ @chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf.new"
|
|
Bernhard M. Wiedemann |
514c2a |
+ @mv -f "$(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf.new" "$(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf.dist"
|
|
Bernhard M. Wiedemann |
514c2a |
+ @if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf" ]; then \
|
|
Bernhard M. Wiedemann |
514c2a |
+ $(ECHO) "install $(SRCDIR)/apps/openssl-1_1.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf"; \
|
|
Bernhard M. Wiedemann |
514c2a |
+ cp $(SRCDIR)/apps/openssl-1_1.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf"; \
|
|
Bernhard M. Wiedemann |
514c2a |
+ chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf"; \
|
|
Bernhard M. Wiedemann |
514c2a |
fi
|
|
Bernhard M. Wiedemann |
514c2a |
@$(ECHO) "install $(SRCDIR)/apps/ct_log_list.cnf -> $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist"
|
|
Bernhard M. Wiedemann |
514c2a |
@cp $(SRCDIR)/apps/ct_log_list.cnf "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new"
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -870,7 +870,7 @@ lint:
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
generate_apps:
|
|
Bernhard M. Wiedemann |
514c2a |
( cd $(SRCDIR); $(PERL) VMS/VMSify-conf.pl \
|
|
Bernhard M. Wiedemann |
514c2a |
- < apps/openssl.cnf > apps/openssl-vms.cnf )
|
|
Bernhard M. Wiedemann |
514c2a |
+ < apps/openssl-1_1.cnf > apps/openssl-vms.cnf )
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
generate_crypto_bn:
|
|
Bernhard M. Wiedemann |
514c2a |
( cd $(SRCDIR); $(PERL) crypto/bn/bn_prime.pl > crypto/bn/bn_prime.h )
|
|
Bernhard M. Wiedemann |
514c2a |
Index: openssl-1.1.1s/Configure
|
|
Bernhard M. Wiedemann |
514c2a |
===================================================================
|
|
Bernhard M. Wiedemann |
514c2a |
--- openssl-1.1.1s.orig/Configure
|
|
Bernhard M. Wiedemann |
514c2a |
+++ openssl-1.1.1s/Configure
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -35,7 +35,7 @@ my $usage="Usage: Configure [no-<cipher>
|
|
Bernhard M. Wiedemann |
514c2a |
# directories bin, lib, include, share/man, share/doc/openssl
|
|
Bernhard M. Wiedemann |
514c2a |
# This becomes the value of INSTALLTOP in Makefile
|
|
Bernhard M. Wiedemann |
514c2a |
# (Default: /usr/local)
|
|
Bernhard M. Wiedemann |
514c2a |
-# --openssldir OpenSSL data area, such as openssl.cnf, certificates and keys.
|
|
Bernhard M. Wiedemann |
514c2a |
+# --openssldir OpenSSL data area, such as openssl-1_1.cnf, certificates and keys.
|
|
Bernhard M. Wiedemann |
514c2a |
# If it's a relative directory, it will be added on the directory
|
|
Bernhard M. Wiedemann |
514c2a |
# given with --prefix.
|
|
Bernhard M. Wiedemann |
514c2a |
# This becomes the value of OPENSSLDIR in Makefile and in C.
|
|
Bernhard M. Wiedemann |
514c2a |
Index: openssl-1.1.1s/INSTALL
|
|
Bernhard M. Wiedemann |
514c2a |
===================================================================
|
|
Bernhard M. Wiedemann |
514c2a |
--- openssl-1.1.1s.orig/INSTALL
|
|
Bernhard M. Wiedemann |
514c2a |
+++ openssl-1.1.1s/INSTALL
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -296,7 +296,7 @@
|
|
Bernhard M. Wiedemann |
514c2a |
be undesirable if small executable size is an objective.
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
no-autoload-config
|
|
Bernhard M. Wiedemann |
514c2a |
- Don't automatically load the default openssl.cnf file.
|
|
Bernhard M. Wiedemann |
514c2a |
+ Don't automatically load the default openssl-1_1.cnf file.
|
|
Bernhard M. Wiedemann |
514c2a |
Typically OpenSSL will automatically load a system config
|
|
Bernhard M. Wiedemann |
514c2a |
file which configures default ssl options.
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
Index: openssl-1.1.1s/NEWS
|
|
Bernhard M. Wiedemann |
514c2a |
===================================================================
|
|
Bernhard M. Wiedemann |
514c2a |
--- openssl-1.1.1s.orig/NEWS
|
|
Bernhard M. Wiedemann |
514c2a |
+++ openssl-1.1.1s/NEWS
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -5,6 +5,9 @@
|
|
Bernhard M. Wiedemann |
514c2a |
This file gives a brief overview of the major changes between each OpenSSL
|
|
Bernhard M. Wiedemann |
514c2a |
release. For more details please read the CHANGES file.
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
+ IMPORTANT: For compatibility with OpenSSL 3.0, the OpenSSL master
|
|
Bernhard M. Wiedemann |
514c2a |
+ configuration file openssl.cnf has been renamed to openssl-1_1.cnf.
|
|
Bernhard M. Wiedemann |
514c2a |
+
|
|
Bernhard M. Wiedemann |
514c2a |
Major changes between OpenSSL 1.1.1r and OpenSSL 1.1.1s [1 Nov 2022]
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
o Fixed a regression introduced in OpenSSL 1.1.1r not refreshing the
|
|
Bernhard M. Wiedemann |
514c2a |
Index: openssl-1.1.1s/doc/HOWTO/certificates.txt
|
|
Bernhard M. Wiedemann |
514c2a |
===================================================================
|
|
Bernhard M. Wiedemann |
514c2a |
--- openssl-1.1.1s.orig/doc/HOWTO/certificates.txt
|
|
Bernhard M. Wiedemann |
514c2a |
+++ openssl-1.1.1s/doc/HOWTO/certificates.txt
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -16,7 +16,7 @@ Certificate authorities should read http
|
|
Bernhard M. Wiedemann |
514c2a |
In all the cases shown below, the standard configuration file, as
|
|
Bernhard M. Wiedemann |
514c2a |
compiled into openssl, will be used. You may find it in /etc/,
|
|
Bernhard M. Wiedemann |
514c2a |
/usr/local/ssl/ or somewhere else. By default the file is named
|
|
Bernhard M. Wiedemann |
514c2a |
-openssl.cnf and is described at https://www.openssl.org/docs/apps/config.html.
|
|
Bernhard M. Wiedemann |
514c2a |
+openssl-1_1.cnf and is described at https://www.openssl.org/docs/apps/config.html.
|
|
Bernhard M. Wiedemann |
514c2a |
You can specify a different configuration file using the
|
|
Bernhard M. Wiedemann |
514c2a |
'-config {file}' argument with the commands shown below.
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
Index: openssl-1.1.1s/doc/man3/OPENSSL_config.pod
|
|
Bernhard M. Wiedemann |
514c2a |
===================================================================
|
|
Bernhard M. Wiedemann |
514c2a |
--- openssl-1.1.1s.orig/doc/man3/OPENSSL_config.pod
|
|
Bernhard M. Wiedemann |
514c2a |
+++ openssl-1.1.1s/doc/man3/OPENSSL_config.pod
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -15,7 +15,7 @@ OPENSSL_config, OPENSSL_no_config - simp
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
=head1 DESCRIPTION
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
-OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf> and
|
|
Bernhard M. Wiedemann |
514c2a |
+OPENSSL_config() configures OpenSSL using the standard B<openssl-1_1.cnf> and
|
|
Bernhard M. Wiedemann |
514c2a |
reads from the application section B<appname>. If B<appname> is NULL then
|
|
Bernhard M. Wiedemann |
514c2a |
the default section, B<openssl_conf>, will be used.
|
|
Bernhard M. Wiedemann |
514c2a |
Errors are silently ignored.
|
|
Bernhard M. Wiedemann |
514c2a |
Index: openssl-1.1.1s/doc/man5/config.pod
|
|
Bernhard M. Wiedemann |
514c2a |
===================================================================
|
|
Bernhard M. Wiedemann |
514c2a |
--- openssl-1.1.1s.orig/doc/man5/config.pod
|
|
Bernhard M. Wiedemann |
514c2a |
+++ openssl-1.1.1s/doc/man5/config.pod
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -7,7 +7,7 @@ config - OpenSSL CONF library configurat
|
|
Bernhard M. Wiedemann |
514c2a |
=head1 DESCRIPTION
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
The OpenSSL CONF library can be used to read configuration files.
|
|
Bernhard M. Wiedemann |
514c2a |
-It is used for the OpenSSL master configuration file B<openssl.cnf>
|
|
Bernhard M. Wiedemann |
514c2a |
+It is used for the OpenSSL master configuration file B<openssl-1_1.cnf>
|
|
Bernhard M. Wiedemann |
514c2a |
and in a few other places like B<SPKAC> files and certificate extension
|
|
Bernhard M. Wiedemann |
514c2a |
files for the B<x509> utility. OpenSSL applications can also use the
|
|
Bernhard M. Wiedemann |
514c2a |
CONF library for their own purposes.
|
|
Bernhard M. Wiedemann |
514c2a |
Index: openssl-1.1.1s/include/internal/cryptlib.h
|
|
Bernhard M. Wiedemann |
514c2a |
===================================================================
|
|
Bernhard M. Wiedemann |
514c2a |
--- openssl-1.1.1s.orig/include/internal/cryptlib.h
|
|
Bernhard M. Wiedemann |
514c2a |
+++ openssl-1.1.1s/include/internal/cryptlib.h
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -51,7 +51,7 @@ typedef struct app_mem_info_st APP_INFO;
|
|
Bernhard M. Wiedemann |
514c2a |
typedef struct mem_st MEM;
|
|
Bernhard M. Wiedemann |
514c2a |
DEFINE_LHASH_OF(MEM);
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
-# define OPENSSL_CONF "openssl.cnf"
|
|
Bernhard M. Wiedemann |
514c2a |
+# define OPENSSL_CONF "openssl-1_1.cnf"
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
# ifndef OPENSSL_SYS_VMS
|
|
Bernhard M. Wiedemann |
514c2a |
# define X509_CERT_AREA OPENSSLDIR
|
|
Bernhard M. Wiedemann |
514c2a |
Index: openssl-1.1.1s/Configurations/descrip.mms.tmpl
|
|
Bernhard M. Wiedemann |
514c2a |
===================================================================
|
|
Bernhard M. Wiedemann |
514c2a |
--- openssl-1.1.1s.orig/Configurations/descrip.mms.tmpl
|
|
Bernhard M. Wiedemann |
514c2a |
+++ openssl-1.1.1s/Configurations/descrip.mms.tmpl
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -140,8 +140,8 @@ INSTALL_SHLIBS={- join(", ", map { "-\n\
|
|
Bernhard M. Wiedemann |
514c2a |
INSTALL_ENGINES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{engines}}) -}
|
|
Bernhard M. Wiedemann |
514c2a |
INSTALL_PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{programs}}) -}
|
|
Bernhard M. Wiedemann |
514c2a |
{- output_off() if $disabled{apps}; "" -}
|
|
Bernhard M. Wiedemann |
514c2a |
-BIN_SCRIPTS=[.tools]c_rehash.pl
|
|
Bernhard M. Wiedemann |
514c2a |
-MISC_SCRIPTS=[.apps]CA.pl, [.apps]tsget.pl
|
|
Bernhard M. Wiedemann |
514c2a |
+BIN_SCRIPTS=[.tools]c_rehash-1_1.pl
|
|
Bernhard M. Wiedemann |
514c2a |
+MISC_SCRIPTS=[.apps]CA-1_1.pl, [.apps]tsget-1_1.pl
|
|
Bernhard M. Wiedemann |
514c2a |
{- output_on() if $disabled{apps}; "" -}
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
APPS_OPENSSL={- use File::Spec::Functions;
|
|
Bernhard M. Wiedemann |
514c2a |
Index: openssl-1.1.1s/VMS/openssl_utils.com.in
|
|
Bernhard M. Wiedemann |
514c2a |
===================================================================
|
|
Bernhard M. Wiedemann |
514c2a |
--- openssl-1.1.1s.orig/VMS/openssl_utils.com.in
|
|
Bernhard M. Wiedemann |
514c2a |
+++ openssl-1.1.1s/VMS/openssl_utils.com.in
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -8,7 +8,7 @@ $ OPENSSL :== $OSSL$EXE:OPENSSL'v'
|
|
Bernhard M. Wiedemann |
514c2a |
$
|
|
Bernhard M. Wiedemann |
514c2a |
$ IF F$TYPE(PERL) .EQS. "STRING"
|
|
Bernhard M. Wiedemann |
514c2a |
$ THEN
|
|
Bernhard M. Wiedemann |
514c2a |
-$ C_REHASH :== 'PERL' OSSL$EXE:c_rehash.pl
|
|
Bernhard M. Wiedemann |
514c2a |
+$ C_REHASH :== 'PERL' OSSL$EXE:c_rehash-1_1.pl
|
|
Bernhard M. Wiedemann |
514c2a |
$ ELSE
|
|
Bernhard M. Wiedemann |
514c2a |
$ WRITE SYS$ERROR "NOTE: no perl => no C_REHASH"
|
|
Bernhard M. Wiedemann |
514c2a |
$ ENDIF
|
|
Bernhard M. Wiedemann |
514c2a |
Index: openssl-1.1.1s/apps/CA.pl.in
|
|
Bernhard M. Wiedemann |
514c2a |
===================================================================
|
|
Bernhard M. Wiedemann |
514c2a |
--- openssl-1.1.1s.orig/apps/CA.pl.in
|
|
Bernhard M. Wiedemann |
514c2a |
+++ openssl-1.1.1s/apps/CA.pl.in
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -113,10 +113,10 @@ sub run
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
if ( $WHAT =~ /^(-\?|-h|-help)$/ ) {
|
|
Bernhard M. Wiedemann |
514c2a |
- print STDERR "usage: CA.pl -newcert | -newreq | -newreq-nodes | -xsign | -sign | -signCA | -signcert | -crl | -newca [-extra-cmd extra-params]\n";
|
|
Bernhard M. Wiedemann |
514c2a |
- print STDERR " CA.pl -pkcs12 [-extra-pkcs12 extra-params] [certname]\n";
|
|
Bernhard M. Wiedemann |
514c2a |
- print STDERR " CA.pl -verify [-extra-verify extra-params] certfile ...\n";
|
|
Bernhard M. Wiedemann |
514c2a |
- print STDERR " CA.pl -revoke [-extra-ca extra-params] certfile [reason]\n";
|
|
Bernhard M. Wiedemann |
514c2a |
+ print STDERR "usage: CA-1_1.pl -newcert | -newreq | -newreq-nodes | -xsign | -sign | -signCA | -signcert | -crl | -newca [-extra-cmd extra-params]\n";
|
|
Bernhard M. Wiedemann |
514c2a |
+ print STDERR " CA-1_1.pl -pkcs12 [-extra-pkcs12 extra-params] [certname]\n";
|
|
Bernhard M. Wiedemann |
514c2a |
+ print STDERR " CA-1_1.pl -verify [-extra-verify extra-params] certfile ...\n";
|
|
Bernhard M. Wiedemann |
514c2a |
+ print STDERR " CA-1_1.pl -revoke [-extra-ca extra-params] certfile [reason]\n";
|
|
Bernhard M. Wiedemann |
514c2a |
exit 0;
|
|
Bernhard M. Wiedemann |
514c2a |
}
|
|
Bernhard M. Wiedemann |
514c2a |
if ($WHAT eq '-newcert' ) {
|
|
Bernhard M. Wiedemann |
514c2a |
Index: openssl-1.1.1s/apps/build.info
|
|
Bernhard M. Wiedemann |
514c2a |
===================================================================
|
|
Bernhard M. Wiedemann |
514c2a |
--- openssl-1.1.1s.orig/apps/build.info
|
|
Bernhard M. Wiedemann |
514c2a |
+++ openssl-1.1.1s/apps/build.info
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -73,7 +73,7 @@ IF[{- !$disabled{apps} -}]
|
|
Bernhard M. Wiedemann |
514c2a |
GENERATE[progs.h]=progs.pl $(APPS_OPENSSL)
|
|
Bernhard M. Wiedemann |
514c2a |
DEPEND[progs.h]=../configdata.pm
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
- SCRIPTS=CA.pl tsget.pl
|
|
Bernhard M. Wiedemann |
514c2a |
- SOURCE[CA.pl]=CA.pl.in
|
|
Bernhard M. Wiedemann |
514c2a |
- SOURCE[tsget.pl]=tsget.in
|
|
Bernhard M. Wiedemann |
514c2a |
+ SCRIPTS=CA-1_1.pl tsget-1_1.pl
|
|
Bernhard M. Wiedemann |
514c2a |
+ SOURCE[CA-1_1.pl]=CA.pl.in
|
|
Bernhard M. Wiedemann |
514c2a |
+ SOURCE[tsget-1_1.pl]=tsget.in
|
|
Bernhard M. Wiedemann |
514c2a |
ENDIF
|
|
Bernhard M. Wiedemann |
514c2a |
Index: openssl-1.1.1s/apps/tsget.in
|
|
Bernhard M. Wiedemann |
514c2a |
===================================================================
|
|
Bernhard M. Wiedemann |
514c2a |
--- openssl-1.1.1s.orig/apps/tsget.in
|
|
Bernhard M. Wiedemann |
514c2a |
+++ openssl-1.1.1s/apps/tsget.in
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -47,7 +47,7 @@ sub create_curl {
|
|
Bernhard M. Wiedemann |
514c2a |
$curl->setopt(CURLOPT_VERBOSE, 1) if $options{d};
|
|
Bernhard M. Wiedemann |
514c2a |
$curl->setopt(CURLOPT_FAILONERROR, 1);
|
|
Bernhard M. Wiedemann |
514c2a |
$curl->setopt(CURLOPT_USERAGENT,
|
|
Bernhard M. Wiedemann |
514c2a |
- "OpenTSA tsget.pl/openssl-{- $config{version} -}");
|
|
Bernhard M. Wiedemann |
514c2a |
+ "OpenTSA tsget-1_1.pl/openssl-{- $config{version} -}");
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
# Options for POST method.
|
|
Bernhard M. Wiedemann |
514c2a |
$curl->setopt(CURLOPT_UPLOAD, 1);
|
|
Bernhard M. Wiedemann |
514c2a |
Index: openssl-1.1.1s/doc/man1/CA.pl.pod
|
|
Bernhard M. Wiedemann |
514c2a |
===================================================================
|
|
Bernhard M. Wiedemann |
514c2a |
--- openssl-1.1.1s.orig/doc/man1/CA.pl.pod
|
|
Bernhard M. Wiedemann |
514c2a |
+++ openssl-1.1.1s/doc/man1/CA.pl.pod
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -2,16 +2,16 @@
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
=head1 NAME
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
-CA.pl - friendlier interface for OpenSSL certificate programs
|
|
Bernhard M. Wiedemann |
514c2a |
+CA-1_1.pl - friendlier interface for OpenSSL certificate programs
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
=head1 SYNOPSIS
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
-B<CA.pl>
|
|
Bernhard M. Wiedemann |
514c2a |
+B<CA-1_1.pl>
|
|
Bernhard M. Wiedemann |
514c2a |
B<-?> |
|
|
Bernhard M. Wiedemann |
514c2a |
B<-h> |
|
|
Bernhard M. Wiedemann |
514c2a |
B<-help>
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
-B<CA.pl>
|
|
Bernhard M. Wiedemann |
514c2a |
+B<CA-1_1.pl>
|
|
Bernhard M. Wiedemann |
514c2a |
B<-newcert> |
|
|
Bernhard M. Wiedemann |
514c2a |
B<-newreq> |
|
|
Bernhard M. Wiedemann |
514c2a |
B<-newreq-nodes> |
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -23,15 +23,15 @@ B<-crl> |
|
|
Bernhard M. Wiedemann |
514c2a |
B<-newca>
|
|
Bernhard M. Wiedemann |
514c2a |
[B<-extra-cmd> extra-params]
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
-B<CA.pl> B<-pkcs12> [B<-extra-pkcs12> extra-params] [B<certname>]
|
|
Bernhard M. Wiedemann |
514c2a |
+B<CA-1_1.pl> B<-pkcs12> [B<-extra-pkcs12> extra-params] [B<certname>]
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
-B<CA.pl> B<-verify> [B<-extra-verify> extra-params] B<certfile>...
|
|
Bernhard M. Wiedemann |
514c2a |
+B<CA-1_1.pl> B<-verify> [B<-extra-verify> extra-params] B<certfile>...
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
-B<CA.pl> B<-revoke> [B<-extra-ca> extra-params] B<certfile> [B<reason>]
|
|
Bernhard M. Wiedemann |
514c2a |
+B<CA-1_1.pl> B<-revoke> [B<-extra-ca> extra-params] B<certfile> [B<reason>]
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
=head1 DESCRIPTION
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
-The B<CA.pl> script is a perl script that supplies the relevant command line
|
|
Bernhard M. Wiedemann |
514c2a |
+The B<CA-1_1.pl> script is a perl script that supplies the relevant command line
|
|
Bernhard M. Wiedemann |
514c2a |
arguments to the B<openssl> command for some common certificate operations.
|
|
Bernhard M. Wiedemann |
514c2a |
It is intended to simplify the process of certificate creation and management
|
|
Bernhard M. Wiedemann |
514c2a |
by the use of some simple options.
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -136,19 +136,19 @@ Users should consult B<openssl> command
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
Create a CA hierarchy:
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
- CA.pl -newca
|
|
Bernhard M. Wiedemann |
514c2a |
+ CA-1_1.pl -newca
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
Complete certificate creation example: create a CA, create a request, sign
|
|
Bernhard M. Wiedemann |
514c2a |
the request and finally create a PKCS#12 file containing it.
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
- CA.pl -newca
|
|
Bernhard M. Wiedemann |
514c2a |
- CA.pl -newreq
|
|
Bernhard M. Wiedemann |
514c2a |
- CA.pl -sign
|
|
Bernhard M. Wiedemann |
514c2a |
- CA.pl -pkcs12 "My Test Certificate"
|
|
Bernhard M. Wiedemann |
514c2a |
+ CA-1_1.pl -newca
|
|
Bernhard M. Wiedemann |
514c2a |
+ CA-1_1.pl -newreq
|
|
Bernhard M. Wiedemann |
514c2a |
+ CA-1_1.pl -sign
|
|
Bernhard M. Wiedemann |
514c2a |
+ CA-1_1.pl -pkcs12 "My Test Certificate"
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
=head1 DSA CERTIFICATES
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
-Although the B<CA.pl> creates RSA CAs and requests it is still possible to
|
|
Bernhard M. Wiedemann |
514c2a |
+Although the B<CA-1_1.pl> creates RSA CAs and requests it is still possible to
|
|
Bernhard M. Wiedemann |
514c2a |
use it with DSA certificates and requests using the L<req(1)> command
|
|
Bernhard M. Wiedemann |
514c2a |
directly. The following example shows the steps that would typically be taken.
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -162,7 +162,7 @@ Create a DSA CA certificate and private
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
Create the CA directories and files:
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
- CA.pl -newca
|
|
Bernhard M. Wiedemann |
514c2a |
+ CA-1_1.pl -newca
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
enter cacert.pem when prompted for the CA filename.
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -173,22 +173,22 @@ can optionally be created first):
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
Sign the request:
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
- CA.pl -sign
|
|
Bernhard M. Wiedemann |
514c2a |
+ CA-1_1.pl -sign
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
=head1 NOTES
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
-Most of the filenames mentioned can be modified by editing the B<CA.pl> script.
|
|
Bernhard M. Wiedemann |
514c2a |
+Most of the filenames mentioned can be modified by editing the B<CA-1_1.pl> script.
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
If the demoCA directory already exists then the B<-newca> command will not
|
|
Bernhard M. Wiedemann |
514c2a |
overwrite it and will do nothing. This can happen if a previous call using
|
|
Bernhard M. Wiedemann |
514c2a |
the B<-newca> option terminated abnormally. To get the correct behaviour
|
|
Bernhard M. Wiedemann |
514c2a |
delete the demoCA directory if it already exists.
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
-Under some environments it may not be possible to run the B<CA.pl> script
|
|
Bernhard M. Wiedemann |
514c2a |
+Under some environments it may not be possible to run the B<CA-1_1.pl> script
|
|
Bernhard M. Wiedemann |
514c2a |
directly (for example Win32) and the default configuration file location may
|
|
Bernhard M. Wiedemann |
514c2a |
be wrong. In this case the command:
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
- perl -S CA.pl
|
|
Bernhard M. Wiedemann |
514c2a |
+ perl -S CA-1_1.pl
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
can be used and the B<OPENSSL_CONF> environment variable changed to point to
|
|
Bernhard M. Wiedemann |
514c2a |
the correct path of the configuration file.
|
|
Bernhard M. Wiedemann |
514c2a |
Index: openssl-1.1.1s/doc/man1/ca.pod
|
|
Bernhard M. Wiedemann |
514c2a |
===================================================================
|
|
Bernhard M. Wiedemann |
514c2a |
--- openssl-1.1.1s.orig/doc/man1/ca.pod
|
|
Bernhard M. Wiedemann |
514c2a |
+++ openssl-1.1.1s/doc/man1/ca.pod
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -698,7 +698,7 @@ the database has to be kept in memory.
|
|
Bernhard M. Wiedemann |
514c2a |
The B<ca> command really needs rewriting or the required functionality
|
|
Bernhard M. Wiedemann |
514c2a |
exposed at either a command or interface level so a more friendly utility
|
|
Bernhard M. Wiedemann |
514c2a |
(perl script or GUI) can handle things properly. The script
|
|
Bernhard M. Wiedemann |
514c2a |
-B<CA.pl> helps a little but not very much.
|
|
Bernhard M. Wiedemann |
514c2a |
+B<CA-1_1.pl> helps a little but not very much.
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
Any fields in a request that are not present in a policy are silently
|
|
Bernhard M. Wiedemann |
514c2a |
deleted. This does not happen if the B<-preserveDN> option is used. To
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -754,7 +754,7 @@ are in year 2050 or later.
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
=head1 SEE ALSO
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
-L<req(1)>, L<spkac(1)>, L<x509(1)>, L<CA.pl(1)>,
|
|
Bernhard M. Wiedemann |
514c2a |
+L<req(1)>, L<spkac(1)>, L<x509(1)>, L<CA-1_1.pl(1)>,
|
|
Bernhard M. Wiedemann |
514c2a |
L<config(5)>, L<x509v3_config(5)>
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
=head1 COPYRIGHT
|
|
Bernhard M. Wiedemann |
514c2a |
Index: openssl-1.1.1s/doc/man1/rehash.pod
|
|
Bernhard M. Wiedemann |
514c2a |
===================================================================
|
|
Bernhard M. Wiedemann |
514c2a |
--- openssl-1.1.1s.orig/doc/man1/rehash.pod
|
|
Bernhard M. Wiedemann |
514c2a |
+++ openssl-1.1.1s/doc/man1/rehash.pod
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -6,7 +6,7 @@ Original text by James Westby, contribut
|
|
Bernhard M. Wiedemann |
514c2a |
=head1 NAME
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
openssl-c_rehash, openssl-rehash,
|
|
Bernhard M. Wiedemann |
514c2a |
-c_rehash, rehash - Create symbolic links to files named by the hash values
|
|
Bernhard M. Wiedemann |
514c2a |
+c_rehash-1_1, rehash - Create symbolic links to files named by the hash values
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
=head1 SYNOPSIS
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -19,13 +19,13 @@ B<[-n]>
|
|
Bernhard M. Wiedemann |
514c2a |
B<[-v]>
|
|
Bernhard M. Wiedemann |
514c2a |
[ I<directory>...]
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
-B<c_rehash>
|
|
Bernhard M. Wiedemann |
514c2a |
+B<c_rehash-1_1>
|
|
Bernhard M. Wiedemann |
514c2a |
I<flags...>
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
=head1 DESCRIPTION
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
-On some platforms, the OpenSSL B<rehash> command is available as
|
|
Bernhard M. Wiedemann |
514c2a |
-an external script called B<c_rehash>. They are functionally equivalent,
|
|
Bernhard M. Wiedemann |
514c2a |
+On some platforms, the OpenSSL B<rehash-1_1> command is available as
|
|
Bernhard M. Wiedemann |
514c2a |
+an external script called B<c_rehash-1_1>. They are functionally equivalent,
|
|
Bernhard M. Wiedemann |
514c2a |
except for minor differences noted below.
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
B<rehash> scans directories and calculates a hash value of each
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -66,7 +66,7 @@ more than one such object appears in the
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
=head2 Script Configuration
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
-The B<c_rehash> script
|
|
Bernhard M. Wiedemann |
514c2a |
+The B<c_rehash-1_1> script
|
|
Bernhard M. Wiedemann |
514c2a |
uses the B<openssl> program to compute the hashes and
|
|
Bernhard M. Wiedemann |
514c2a |
fingerprints. If not found in the user's B<PATH>, then set the
|
|
Bernhard M. Wiedemann |
514c2a |
B<OPENSSL> environment variable to the full pathname.
|
|
Bernhard M. Wiedemann |
514c2a |
Index: openssl-1.1.1s/doc/man1/tsget.pod
|
|
Bernhard M. Wiedemann |
514c2a |
===================================================================
|
|
Bernhard M. Wiedemann |
514c2a |
--- openssl-1.1.1s.orig/doc/man1/tsget.pod
|
|
Bernhard M. Wiedemann |
514c2a |
+++ openssl-1.1.1s/doc/man1/tsget.pod
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -35,7 +35,7 @@ line.
|
|
Bernhard M. Wiedemann |
514c2a |
The tool sends the following HTTP request for each timestamp request:
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
POST url HTTP/1.1
|
|
Bernhard M. Wiedemann |
514c2a |
- User-Agent: OpenTSA tsget.pl/<version>
|
|
Bernhard M. Wiedemann |
514c2a |
+ User-Agent: OpenTSA tsget-1_1.pl/<version>
|
|
Bernhard M. Wiedemann |
514c2a |
Host: <host>:<port>
|
|
Bernhard M. Wiedemann |
514c2a |
Pragma: no-cache
|
|
Bernhard M. Wiedemann |
514c2a |
Content-Type: application/timestamp-query
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -108,7 +108,7 @@ Either option B<-C> or option B<-P> must
|
|
Bernhard M. Wiedemann |
514c2a |
=item B<-P> CA_path
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
(HTTPS) The path containing the trusted CA certificates to verify the peer's
|
|
Bernhard M. Wiedemann |
514c2a |
-certificate. The directory must be prepared with the B<c_rehash>
|
|
Bernhard M. Wiedemann |
514c2a |
+certificate. The directory must be prepared with the B<c_rehash-1_1>
|
|
Bernhard M. Wiedemann |
514c2a |
OpenSSL utility. Either option B<-C> or option B<-P> must be given in case of
|
|
Bernhard M. Wiedemann |
514c2a |
HTTPS. (Optional)
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
Index: openssl-1.1.1s/doc/man1/verify.pod
|
|
Bernhard M. Wiedemann |
514c2a |
===================================================================
|
|
Bernhard M. Wiedemann |
514c2a |
--- openssl-1.1.1s.orig/doc/man1/verify.pod
|
|
Bernhard M. Wiedemann |
514c2a |
+++ openssl-1.1.1s/doc/man1/verify.pod
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -75,7 +75,7 @@ The file should contain one or more cert
|
|
Bernhard M. Wiedemann |
514c2a |
A directory of trusted certificates. The certificates should have names
|
|
Bernhard M. Wiedemann |
514c2a |
of the form: hash.0 or have symbolic links to them of this
|
|
Bernhard M. Wiedemann |
514c2a |
form ("hash" is the hashed certificate subject name: see the B<-hash> option
|
|
Bernhard M. Wiedemann |
514c2a |
-of the B<x509> utility). Under Unix the B<c_rehash> script will automatically
|
|
Bernhard M. Wiedemann |
514c2a |
+of the B<x509> utility). Under Unix the B<c_rehash-1_1> script will automatically
|
|
Bernhard M. Wiedemann |
514c2a |
create symbolic links to a directory of certificates.
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
=item B<-no-CAfile>
|
|
Bernhard M. Wiedemann |
514c2a |
Index: openssl-1.1.1s/doc/man1/x509.pod
|
|
Bernhard M. Wiedemann |
514c2a |
===================================================================
|
|
Bernhard M. Wiedemann |
514c2a |
--- openssl-1.1.1s.orig/doc/man1/x509.pod
|
|
Bernhard M. Wiedemann |
514c2a |
+++ openssl-1.1.1s/doc/man1/x509.pod
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -932,7 +932,7 @@ The hash algorithm used in the B<-subjec
|
|
Bernhard M. Wiedemann |
514c2a |
before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding
|
|
Bernhard M. Wiedemann |
514c2a |
of the distinguished name. In OpenSSL 1.0.0 and later it is based on a
|
|
Bernhard M. Wiedemann |
514c2a |
canonical version of the DN using SHA1. This means that any directories using
|
|
Bernhard M. Wiedemann |
514c2a |
-the old form must have their links rebuilt using B<c_rehash> or similar.
|
|
Bernhard M. Wiedemann |
514c2a |
+the old form must have their links rebuilt using B<c_rehash-1_1> or similar.
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
=head1 COPYRIGHT
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
Index: openssl-1.1.1s/doc/man3/SSL_CTX_load_verify_locations.pod
|
|
Bernhard M. Wiedemann |
514c2a |
===================================================================
|
|
Bernhard M. Wiedemann |
514c2a |
--- openssl-1.1.1s.orig/doc/man3/SSL_CTX_load_verify_locations.pod
|
|
Bernhard M. Wiedemann |
514c2a |
+++ openssl-1.1.1s/doc/man3/SSL_CTX_load_verify_locations.pod
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -63,7 +63,7 @@ If more than one CA certificate with the
|
|
Bernhard M. Wiedemann |
514c2a |
extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search
|
|
Bernhard M. Wiedemann |
514c2a |
is performed in the ordering of the extension number, regardless of other
|
|
Bernhard M. Wiedemann |
514c2a |
properties of the certificates.
|
|
Bernhard M. Wiedemann |
514c2a |
-Use the B<c_rehash> utility to create the necessary links.
|
|
Bernhard M. Wiedemann |
514c2a |
+Use the B<c_rehash-1_1> utility to create the necessary links.
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
The certificates in B<CApath> are only looked up when required, e.g. when
|
|
Bernhard M. Wiedemann |
514c2a |
building the certificate chain or when actually performing the verification
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -137,7 +137,7 @@ Prepare the directory /some/where/certs
|
|
Bernhard M. Wiedemann |
514c2a |
for use as B<CApath>:
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
cd /some/where/certs
|
|
Bernhard M. Wiedemann |
514c2a |
- c_rehash .
|
|
Bernhard M. Wiedemann |
514c2a |
+ c_rehash-1_1 .
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
=head1 SEE ALSO
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
Index: openssl-1.1.1s/test/recipes/80-test_ca.t
|
|
Bernhard M. Wiedemann |
514c2a |
===================================================================
|
|
Bernhard M. Wiedemann |
514c2a |
--- openssl-1.1.1s.orig/test/recipes/80-test_ca.t
|
|
Bernhard M. Wiedemann |
514c2a |
+++ openssl-1.1.1s/test/recipes/80-test_ca.t
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -27,27 +27,27 @@ plan tests => 5;
|
|
Bernhard M. Wiedemann |
514c2a |
SKIP: {
|
|
Bernhard M. Wiedemann |
514c2a |
$ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "CAss.cnf").'"';
|
|
Bernhard M. Wiedemann |
514c2a |
skip "failed creating CA structure", 4
|
|
Bernhard M. Wiedemann |
514c2a |
- if !ok(run(perlapp(["CA.pl","-newca"], stdin => undef)),
|
|
Bernhard M. Wiedemann |
514c2a |
+ if !ok(run(perlapp(["CA-1_1.pl","-newca"], stdin => undef)),
|
|
Bernhard M. Wiedemann |
514c2a |
'creating CA structure');
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
$ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "Uss.cnf").'"';
|
|
Bernhard M. Wiedemann |
514c2a |
skip "failed creating new certificate request", 3
|
|
Bernhard M. Wiedemann |
514c2a |
- if !ok(run(perlapp(["CA.pl","-newreq"])),
|
|
Bernhard M. Wiedemann |
514c2a |
+ if !ok(run(perlapp(["CA-1_1.pl","-newreq"])),
|
|
Bernhard M. Wiedemann |
514c2a |
'creating certificate request');
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
$ENV{OPENSSL_CONFIG} = '-rand_serial -config "'.$std_openssl_cnf.'"';
|
|
Bernhard M. Wiedemann |
514c2a |
skip "failed to sign certificate request", 2
|
|
Bernhard M. Wiedemann |
514c2a |
- if !is(yes(cmdstr(perlapp(["CA.pl", "-sign"]))), 0,
|
|
Bernhard M. Wiedemann |
514c2a |
+ if !is(yes(cmdstr(perlapp(["CA-1_1.pl", "-sign"]))), 0,
|
|
Bernhard M. Wiedemann |
514c2a |
'signing certificate request');
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
- ok(run(perlapp(["CA.pl", "-verify", "newcert.pem"])),
|
|
Bernhard M. Wiedemann |
514c2a |
+ ok(run(perlapp(["CA-1_1.pl", "-verify", "newcert.pem"])),
|
|
Bernhard M. Wiedemann |
514c2a |
'verifying new certificate');
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
skip "CT not configured, can't use -precert", 1
|
|
Bernhard M. Wiedemann |
514c2a |
if disabled("ct");
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
$ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "Uss.cnf").'"';
|
|
Bernhard M. Wiedemann |
514c2a |
- ok(run(perlapp(["CA.pl", "-precert"], stderr => undef)),
|
|
Bernhard M. Wiedemann |
514c2a |
+ ok(run(perlapp(["CA-1_1.pl", "-precert"], stderr => undef)),
|
|
Bernhard M. Wiedemann |
514c2a |
'creating new pre-certificate');
|
|
Bernhard M. Wiedemann |
514c2a |
}
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
Index: openssl-1.1.1s/tools/build.info
|
|
Bernhard M. Wiedemann |
514c2a |
===================================================================
|
|
Bernhard M. Wiedemann |
514c2a |
--- openssl-1.1.1s.orig/tools/build.info
|
|
Bernhard M. Wiedemann |
514c2a |
+++ openssl-1.1.1s/tools/build.info
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -1,5 +1,5 @@
|
|
Bernhard M. Wiedemann |
514c2a |
{- our $c_rehash_name =
|
|
Bernhard M. Wiedemann |
514c2a |
- $config{target} =~ /^(VC|vms)-/ ? "c_rehash.pl" : "c_rehash";
|
|
Bernhard M. Wiedemann |
514c2a |
+ $config{target} =~ /^(VC|vms)-/ ? "c_rehash-1_1.pl" : "c_rehash-1_1";
|
|
Bernhard M. Wiedemann |
514c2a |
"" -}
|
|
Bernhard M. Wiedemann |
514c2a |
IF[{- !$disabled{apps} -}]
|
|
Bernhard M. Wiedemann |
514c2a |
SCRIPTS={- $c_rehash_name -}
|
|
Bernhard M. Wiedemann |
514c2a |
Index: openssl-1.1.1s/tools/c_rehash.in
|
|
Bernhard M. Wiedemann |
514c2a |
===================================================================
|
|
Bernhard M. Wiedemann |
514c2a |
--- openssl-1.1.1s.orig/tools/c_rehash.in
|
|
Bernhard M. Wiedemann |
514c2a |
+++ openssl-1.1.1s/tools/c_rehash.in
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -8,7 +8,7 @@
|
|
Bernhard M. Wiedemann |
514c2a |
# in the file LICENSE in the source distribution or at
|
|
Bernhard M. Wiedemann |
514c2a |
# https://www.openssl.org/source/license.html
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
-# Perl c_rehash script, scan all files in a directory
|
|
Bernhard M. Wiedemann |
514c2a |
+# Perl c_rehash-1_1 script, scan all files in a directory
|
|
Bernhard M. Wiedemann |
514c2a |
# and add symbolic links to their hash values.
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
my $dir = {- quotify1($config{openssldir}) -};
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -44,7 +44,7 @@ while ( $ARGV[0] =~ /^-/ ) {
|
|
Bernhard M. Wiedemann |
514c2a |
}
|
|
Bernhard M. Wiedemann |
514c2a |
|
|
Bernhard M. Wiedemann |
514c2a |
sub help {
|
|
Bernhard M. Wiedemann |
514c2a |
- print "Usage: c_rehash [-old] [-h] [-help] [-v] [dirs...]\n";
|
|
Bernhard M. Wiedemann |
514c2a |
+ print "Usage: c_rehash-1_1 [-old] [-h] [-help] [-v] [dirs...]\n";
|
|
Bernhard M. Wiedemann |
514c2a |
print " -old use old-style digest\n";
|
|
Bernhard M. Wiedemann |
514c2a |
print " -h or -help print this help text\n";
|
|
Bernhard M. Wiedemann |
514c2a |
print " -v print files removed and linked\n";
|
|
Bernhard M. Wiedemann |
514c2a |
@@ -73,7 +73,7 @@ if (! -x $openssl) {
|
|
Bernhard M. Wiedemann |
514c2a |
}
|
|
Bernhard M. Wiedemann |
514c2a |
}
|
|
Bernhard M. Wiedemann |
514c2a |
if ($found == 0) {
|
|
Bernhard M. Wiedemann |
514c2a |
- print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
|
|
Bernhard M. Wiedemann |
514c2a |
+ print STDERR "c_rehash-1_1: rehashing skipped ('openssl-1_1' program not available)\n";
|
|
Bernhard M. Wiedemann |
514c2a |
exit 0;
|
|
Bernhard M. Wiedemann |
514c2a |
}
|
|
Bernhard M. Wiedemann |
514c2a |
}
|