public inbox for git-commits@fedoraproject.org
* [rpms/openssl3] rawhide: We ship a config file without any include directives
@ 2026-06-08 11:08 Dmitry Belyavskiy
  0 siblings, 0 replies; only message in thread
From: Dmitry Belyavskiy @ 2026-06-08 11:08 UTC (permalink / raw)
  To: git-commits

A new commit has been pushed.

Repo   : rpms/openssl3
Branch : rawhide
Commit : a4b8977bd756b3fda2797439471c9cee4a1bcba7
Author : Dmitry Belyavskiy <beldmit@gmail.com>
Date   : 2026-06-08T13:07:37+02:00
Stats  : +27/-7 in 2 file(s)
URL    : https://src.fedoraproject.org/rpms/openssl3/c/a4b8977bd756b3fda2797439471c9cee4a1bcba7?branch=rawhide

Log:
We ship a config file without any include directives

---
diff --git a/0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch b/0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch
index ef9529d..66e80e1 100644
--- a/0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch
+++ b/0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch
@@ -47,7 +47,7 @@ new file mode 100644
 index 0000000000..fe2346eb2b
 --- /dev/null
 +++ b/rh-openssl.cnf
-@@ -0,0 +1,403 @@
+@@ -0,0 +1,418 @@
 +#
 +# OpenSSL example configuration file.
 +# See doc/man5/config.pod for more info.
@@ -122,8 +122,8 @@ index 0000000000..fe2346eb2b
 +##[legacy_sect]
 +##activate = 1
 +
-+#Place the third party provider configuration files into this folder
-+.include /etc/pki/tls/openssl3.d
++##Place the third party provider configuration files into this folder
++#.include /etc/pki/tls/openssl3.d
 +
 +
 +[ ssl_module ]
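Review bot: The doubled comment above the disabled `.include /etc/pki/tls/openssl3.d` line still tells users to place third-party provider configuration files into that folder, but with the include commented out nothing placed there is read through this config. Reword the comment to say the directory is intentionally not included in the compat package, so that a provider drop-in which fails to load can be traced back to this file.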
@@ -131,8 +131,23 @@ index 0000000000..fe2346eb2b
 +system_default = crypto_policy
 +
 +[ crypto_policy ]
++CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:kRSAPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
++Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
++TLS.MinProtocol = TLSv1.2
++TLS.MaxProtocol = TLSv1.3
++DTLS.MinProtocol = DTLSv1.2
++DTLS.MaxProtocol = DTLSv1.2
++SignatureAlgorithms = ?mldsa44:?mldsa65:?mldsa87:?ECDSA+SHA256:?ECDSA+SHA384:?ECDSA+SHA512:?ed25519:?ed448:?rsa_pss_pss_sha256:?rsa_pss_pss_sha384:?rsa_pss_pss_sha512:?rsa_pss_rsae_sha256:?rsa_pss_rsae_sha384:?rsa_pss_rsae_sha512:?RSA+SHA256:?RSA+SHA384:?RSA+SHA512:?ECDSA+SHA224:?RSA+SHA224
++Groups = *?X25519MLKEM768:?x25519_mlkem768:?SecP256r1MLKEM768:?p256_mlkem768:?SecP384r1MLKEM1024:?p384_mlkem1024/*?X25519:?secp256r1:?X448:?secp521r1:?secp384r1:?ffdhe2048:?ffdhe3072:?ffdhe4096:?ffdhe6144:?ffdhe8192
++
++[req]
++default_bits = 2048
 +
-+.include = /etc/crypto-policies/back-ends/opensslcnf.config
++[openssl_init]
++alg_section = evp_properties
++
++[evp_properties]
++rh-allow-sha1-signatures = no
 +
 +####################################################################
 +[ ca ]
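Review bot: The values inlined under `[ crypto_policy ]` replace `.include = /etc/crypto-policies/back-ends/opensslcnf.config`, so this section is now a fixed copy and no longer follows whatever policy is active on the host; applications reading this config keep `TLS.MinProtocol = TLSv1.2`, `@SECLEVEL=2` and `rh-allow-sha1-signatures = no` regardless. Add a comment above `[ crypto_policy ]` stating that these lines are a frozen copy of the DEFAULT policy that must be refreshed by hand. Also confirm that the new `[req]` and `[openssl_init]` headers do not collide with sections of the same name elsewhere in rh-openssl.cnf, which this hunk does not show.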

diff --git a/openssl3.spec b/openssl3.spec
index f6ebbb5..b8900e6 100644
--- a/openssl3.spec
+++ b/openssl3.spec
@@ -34,7 +34,7 @@ print(string.sub(hash, 0, 16))
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl3
 Version: 3.5.6
-Release: 3%{?dist}
+Release: 4%{?dist}
 Epoch: 1
 Source0: openssl-%{version}.tar.gz
 Source1: fips-hmacify.sh
@@ -140,7 +140,8 @@ Provides: deprecated()
 %description libs
 OpenSSL is a toolkit for supporting cryptography. The openssl-libs
 package contains the libraries that are used by various applications which
-support cryptographic algorithms and protocols.
+support cryptographic algorithms and protocols. This version provides libs
+for OpenSSL 3.5 for compatibility purposes.
 
 %package devel
 Summary: Files for development of applications which will use OpenSSL
@@ -494,8 +495,12 @@ fi
 %ldconfig_scriptlets libs
 
 %changelog
+* Mon Jun 08 2026 Dmitry Belyavskiy <beldmit@gmail.com> - 1:3.5.6-4
+- We don't use include directives in the compat package to avoid interference
+  with the upcoming 4.0 release. We use the DEFAULT crypto policy instead.
+
 * Tue Apr 28 2026 Dmitry Belyavskiy <beldmit@gmail.com> - 1:3.5.6-3
-- Adjusted dependencies. Added 'Provides: deprectaed()' for all the subpackages
+- Adjusted dependencies. Added 'Provides: deprecated()' for all the subpackages
 
 * Fri Apr 10 2026 Dmitry Belyavskiy <beldmit@gmail.com> - 1:3.5.6-2
 - rebuilt
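Review bot: The new 1:3.5.6-4 changelog entry mentions the switch to the DEFAULT crypto policy but not that the `/etc/pki/tls/openssl3.d` provider include is disabled by the same commit. Name both effects in the entry, since an administrator reading only the changelog would otherwise not learn that provider configuration files in that directory stop being loaded.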
