public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Tomas Mraz <tmraz@fedoraproject.org>
To: git-commits@fedoraproject.org
Subject: [rpms/openssl] rebase_40beta: Makefile.certificate should not set serial to 0 by default
Date: Tue, 09 Jun 2026 12:43:40 GMT [thread overview]
Message-ID: <178100902050.1.16533710177243385108.rpms-openssl-6536aa4c734b@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : 6536aa4c734b09bc0975cdc1586c1bb3c35eff43
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2015-12-04T14:36:15+01:00
Stats : +20/-8 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/6536aa4c734b09bc0975cdc1586c1bb3c35eff43?branch=rebase_40beta
Log:
Makefile.certificate should not set serial to 0 by default
---
diff --git a/Makefile.certificate b/Makefile.certificate
index 4f9d55d..cc88c52 100644
--- a/Makefile.certificate
+++ b/Makefile.certificate
@@ -1,8 +1,11 @@
UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8)
-SERIAL=0
DAYS=365
KEYLEN=2048
TYPE=rsa:$(KEYLEN)
+EXTRA_FLAGS=
+ifdef SERIAL
+ EXTRA_FLAGS+=-set_serial $(SERIAL)
+endif
.PHONY: usage
.SUFFIXES: .key .csr .crt .pem
@@ -23,8 +26,9 @@ usage:
@echo "To create a CSR for use with Apache, run \"make certreq\"."
@echo "To create a test certificate for use with Apache, run \"make testcert\"."
@echo
- @echo "To create a test certificate with serial number other than zero, add SERIAL=num"
+ @echo "To create a test certificate with serial number other than random, add SERIAL=num"
@echo "You can also specify key length with KEYLEN=n and expiration in days with DAYS=n"
+ @echo "Any additional options can be passed to openssl req via EXTRA_FLAGS"
@echo
@echo Examples:
@echo " make server.key"
@@ -35,14 +39,14 @@ usage:
@echo " make certreq"
@echo " make testcert"
@echo " make server.crt SERIAL=1"
- @echo " make stunnel.pem SERIAL=2"
- @echo " make testcert SERIAL=3"
+ @echo " make stunnel.pem EXTRA_FLAGS=-sha384"
+ @echo " make testcert DAYS=600"
%.pem:
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
- /usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 -set_serial $(SERIAL) ; \
+ /usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 $(EXTRA_FLAGS) ; \
cat $$PEM1 > $@ ; \
echo "" >> $@ ; \
cat $$PEM2 >> $@ ; \
@@ -58,7 +62,7 @@ usage:
%.crt: %.key
umask 77 ; \
- /usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ -set_serial $(SERIAL)
+ /usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ $(EXTRA_FLAGS)
TLSROOT=/etc/pki/tls
KEY=$(TLSROOT)/private/localhost.key
@@ -75,4 +79,4 @@ $(CSR): $(KEY)
$(CRT): $(KEY)
umask 77 ; \
- /usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) -set_serial $(SERIAL)
+ /usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) $(EXTRA_FLAGS)
diff --git a/openssl.spec b/openssl.spec
index fa18769..6d27b92 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -227,6 +227,9 @@ if ! echo %{_target} | grep -q i686 ; then
sslflags="no-asm 386"
fi
%endif
+%ifarch x86_64
+sslflags=enable-ec_nistp_64_gcc_128
+%endif
%ifarch sparcv9
sslarch=linux-sparcv9
sslflags=no-asm
@@ -243,21 +246,25 @@ sslarch="linux-generic32 -DB_ENDIAN"
%endif
%ifarch s390x
sslarch="linux64-s390x"
+sslflags=enable-ec_nistp_64_gcc_128
%endif
%ifarch %{arm}
sslarch=linux-armv4
%endif
%ifarch aarch64
sslarch=linux-aarch64
+sslflags=enable-ec_nistp_64_gcc_128
%endif
%ifarch sh3 sh4
sslarch=linux-generic32
%endif
%ifarch ppc64 ppc64p7
sslarch=linux-ppc64
+sslflags=enable-ec_nistp_64_gcc_128
%endif
%ifarch ppc64le
sslarch="linux-ppc64le"
+sslflags=enable-ec_nistp_64_gcc_128
%endif
# ia64, x86_64, ppc are OK by default
@@ -268,7 +275,7 @@ sslarch="linux-ppc64le"
--prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
--system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
- enable-cms enable-md2 enable-ec_nistp_64_gcc_128 \
+ enable-cms enable-md2 \
no-mdc2 no-rc5 no-ec2m no-gost no-srp \
--with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \
--with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}
@@ -488,6 +495,7 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
- enable fast assembler implementation for NIST P-256 and P-521
elliptic curves (#1164210)
- filter out unwanted link options from the .pc files (#1257836)
+- do not set serial to 0 in Makefile.certificate (#1135719)
* Mon Nov 16 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.2d-3
- fix sigill on some AMD CPUs (#1278194)
reply other threads:[~2026-06-09 12:43 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178100902050.1.16533710177243385108.rpms-openssl-6536aa4c734b@fedoraproject.org \
--to=tmraz@fedoraproject.org \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox