[myproxy] Add myproxy-ssl1-tls.patch and myproxy-ssl1-2048bits.patch.
stevetraylen
stevetraylen at fedoraproject.org
Tue May 15 15:11:17 UTC 2012
commit 2457741ef62b7b32446a673244f1583274c37ee7
Author: Steve Traylen <steve.traylen at cern.ch>
Date: Tue May 15 19:05:08 2012 +0200
Add myproxy-ssl1-tls.patch and myproxy-ssl1-2048bits.patch.
myproxy-ssl1-2048bits.patch | 118 +++++++++++++++++++++++++++++++++++++++++++
myproxy-ssl1-tls.patch | 31 +++++++++++
myproxy.spec | 16 ++++++-
3 files changed, 164 insertions(+), 1 deletions(-)
---
diff --git a/myproxy-ssl1-2048bits.patch b/myproxy-ssl1-2048bits.patch
new file mode 100644
index 0000000..c18c861
--- /dev/null
+++ b/myproxy-ssl1-2048bits.patch
@@ -0,0 +1,118 @@
+Update of /cvsroot/cilogon/myproxy
+In directory vz-cvs-4.sog:/tmp/cvs-serv14150
+
+Modified Files:
+ myproxy-test
+Log Message:
+force grid-proxy-init to create 2048 bit keys in myproxy-test
+
+
+Index: myproxy-test
+===================================================================
+RCS file: /cvsroot/cilogon/myproxy/myproxy-test,v
+retrieving revision 1.85
+retrieving revision 1.86
+diff -C2 -d -r1.85 -r1.86
+*** myproxy-test 4 May 2011 20:21:39 -0000 1.85
+--- myproxy-test 15 May 2012 12:44:54 -0000 1.86
+***************
+*** 19,22 ****
+--- 19,24 ----
+ $tmpdir = tempdir(CLEANUP => 1);
+
++ $PROXYBITS = "-bits 2048";
++
+ #
+ # handle cmdline options
+***************
+*** 139,143 ****
+ chomp($grid_proxy_init = `which grid-proxy-init 2>/dev/null`);
+ die "grid-proxy-init not found, stopped" if (!(-x $grid_proxy_init));
+! &runcmd("$grid_proxy_init -debug");
+ } #end of generatecerts.
+
+--- 141,145 ----
+ chomp($grid_proxy_init = `which grid-proxy-init 2>/dev/null`);
+ die "grid-proxy-init not found, stopped" if (!(-x $grid_proxy_init));
+! &runcmd("$grid_proxy_init -debug $PROXYBITS");
+ } #end of generatecerts.
+
+***************
+*** 154,158 ****
+ if (!defined($timeleft) || $timeleft eq "" || ($timeleft < 60*60*3)) {
+ &debug("Problem with proxy. Will try to create a new one.");
+! `$grid_proxy_init -pwstdin </dev/null >/dev/null 2>&1`;
+ $timeleft = `$grid_proxy_info -timeleft 2>/dev/null`;
+ }
+--- 156,160 ----
+ if (!defined($timeleft) || $timeleft eq "" || ($timeleft < 60*60*3)) {
+ &debug("Problem with proxy. Will try to create a new one.");
+! `$grid_proxy_init $PROXYBITS -pwstdin </dev/null >/dev/null 2>&1`;
+ $timeleft = `$grid_proxy_info -timeleft 2>/dev/null`;
+ }
+***************
+*** 216,220 ****
+ #
+ $iproxyloc = "$tmpdir/iproxy.pem";
+! &runcmd("$grid_proxy_init -out $iproxyloc -independent -hours 0");
+ chomp($iproxysubject = `$grid_proxy_info -file $iproxyloc -identity`);
+ die "grid-proxy-info -file $iproxyloc -identity failed, stopped"
+--- 218,222 ----
+ #
+ $iproxyloc = "$tmpdir/iproxy.pem";
+! &runcmd("$grid_proxy_init $PROXYBITS -out $iproxyloc -independent -hours 0");
+ chomp($iproxysubject = `$grid_proxy_info -file $iproxyloc -identity`);
+ die "grid-proxy-info -file $iproxyloc -identity failed, stopped"
+***************
+*** 1207,1211 ****
+ &runtest("myproxy-init -v -x -R '$cert_subject' -k renew -c 1 -t 1",
+ undef);
+! &runcmd("grid-proxy-init -limited -o \$X509_USER_PROXY.limited", undef);
+ rename("\$X509_USER_PROXY", "\$X509_USER_PROXY.orig");
+ rename("\$X509_USER_PROXY.limited", "\$X509_USER_PROXY");
+--- 1209,1213 ----
+ &runtest("myproxy-init -v -x -R '$cert_subject' -k renew -c 1 -t 1",
+ undef);
+! &runcmd("grid-proxy-init $PROXYBITS -limited -o \$X509_USER_PROXY.limited", undef);
+ rename("\$X509_USER_PROXY", "\$X509_USER_PROXY.orig");
+ rename("\$X509_USER_PROXY.limited", "\$X509_USER_PROXY");
+***************
+*** 1756,1760 ****
+ $typeopt = "-rfc";
+ }
+! $output = `$grid_proxy_init $typeopt -debug -verify -cert $proxyfile -key $proxyfile -valid 0:1 -out $tmpdir/tmpproxy.$$ 2>&1`;
+ if ($? != 0) {
+ $output = "failed to verify proxy\n" . $output;
+--- 1758,1762 ----
+ $typeopt = "-rfc";
+ }
+! $output = `$grid_proxy_init $PROXYBITS $typeopt -debug -verify -cert $proxyfile -key $proxyfile -valid 0:1 -out $tmpdir/tmpproxy.$$ 2>&1`;
+ if ($? != 0) {
+ $output = "failed to verify proxy\n" . $output;
+***************
+*** 1797,1801 ****
+ # shrug
+ }
+! local($output) = &runcmd("$grid_proxy_init $proxytype -debug -verify -cert $certfile -key $keyfile -valid 0:1 -out $tmpdir/tmpproxy.$$ -pwstdin", $passphrase);
+ if ($? != 0) {
+ $output = "failed to verify certificate from: $certfile and $keyfile\n" . $output;
+--- 1799,1803 ----
+ # shrug
+ }
+! local($output) = &runcmd("$grid_proxy_init $PROXYBITS $proxytype -debug -verify -cert $certfile -key $keyfile -valid 0:1 -out $tmpdir/tmpproxy.$$ -pwstdin", $passphrase);
+ if ($? != 0) {
+ $output = "failed to verify certificate from: $certfile and $keyfile\n" . $output;
+***************
+*** 1891,1895 ****
+ while ($i--) {
+ ($exitstatus, $output) =
+! &runcmd("grid-proxy-init -hours 1 -out $tmpdir/myproxy-test.$$", undef);
+ if ($exitstatus != 0) {
+ print "$$: grid-proxy-init FAILED with $i iters to go.\n";
+--- 1893,1897 ----
+ while ($i--) {
+ ($exitstatus, $output) =
+! &runcmd("grid-proxy-init $PROXYBITS -hours 1 -out $tmpdir/myproxy-test.$$", undef);
+ if ($exitstatus != 0) {
+ print "$$: grid-proxy-init FAILED with $i iters to go.\n";
+
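Review bot: The new `$PROXYBITS = "-bits 2048";` assignment in myproxy-test has no comment, although it is a combined flag-and-value string that the later hunks splice into seven separate grid-proxy-init command lines. A one-line comment above it would state its scope, for example `# key size passed to every grid-proxy-init call made by this test script`. The value is set above the "handle cmdline options" block, and the visible hunks show no way to override it. If another key size ever needs testing, a command-line option would be the natural place; the option handling itself is outside the hunks shown.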
diff --git a/myproxy-ssl1-tls.patch b/myproxy-ssl1-tls.patch
new file mode 100644
index 0000000..6fee6e2
--- /dev/null
+++ b/myproxy-ssl1-tls.patch
@@ -0,0 +1,31 @@
+Update of /cvsroot/cilogon/myproxy
+In directory vz-cvs-4.sog:/tmp/cvs-serv13506
+
+Modified Files:
+ VERSION gsi_socket.c
+Log Message:
+add support for TLS 1.1 and TLS 1.2 in OpenSSL 1.0.1
+
+
+Index: gsi_socket.c
+===================================================================
+RCS file: /cvsroot/cilogon/myproxy/gsi_socket.c,v
+retrieving revision 1.94
+retrieving revision 1.95
+diff -C2 -d -r1.94 -r1.95
+*** gsi_socket.c 16 May 2011 21:48:44 -0000 1.94
+--- gsi_socket.c 15 May 2012 12:34:34 -0000 1.95
+***************
+*** 212,217 ****
+ */
+ if (((header[flag] < 20) || (header[flag] > 26)) ||
+! (header[major_version] != 3) ||
+! ((header[minor_version] != 0) && (header[minor_version] != 1))) {
+ if (*p_buffer != NULL) {
+ free(*p_buffer);
+--- 212,216 ----
+ */
+ if (((header[flag] < 20) || (header[flag] > 26)) ||
+! (header[major_version] != 3)) {
+ if (*p_buffer != NULL) {
+ free(*p_buffer);
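Review bot: The rewritten condition in gsi_socket.c no longer examines `header[minor_version]` at all, so any value from 0 to 255 passes once the major version is 3. If the intent is only to admit TLS 1.1 and TLS 1.2 records as well, an upper bound would keep the header sanity check in place: `(header[major_version] != 3) || (header[minor_version] > 3)) {`. The enclosing function starts and ends outside the hunk, so how the rest of the header is validated after this test is not visible here and should be confirmed.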
diff --git a/myproxy.spec b/myproxy.spec
index 560e876..b0e7352 100644
--- a/myproxy.spec
+++ b/myproxy.spec
@@ -16,7 +16,7 @@
Name: myproxy
Version: 5.6
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: Manage X.509 Public Key Infrastructure (PKI) security credentials
Group: System Environment/Daemons
@@ -24,6 +24,15 @@ License: NCSA and BSD and ASL 2.0
URL: http://grid.ncsa.illinois.edu/myproxy/
Source0: http://downloads.sourceforge.net/cilogon/myproxy-%{version}.tar.gz
+#Two patches (0 and 1) for openssl1.0.1 support
+# http://lists.globus.org/pipermail/myproxy-commit/2012-May/000678.html
+# add support for TLS 1.1 and TLS 1.2 in OpenSSL 1.0.1
+Patch0: myproxy-ssl1-tls.patch
+# http://lists.globus.org/pipermail/myproxy-commit/2012-May/000679.html
+# force grid-proxy-init to create 2048 bit keys in myproxy-test
+Patch1: myproxy-ssl1-2048bits.patch
+
+
Source1: myproxy.init
Source2: myproxy.sysconfig
Source4: myproxy-server-tmpfiles.d.conf
@@ -180,6 +189,8 @@ Package %{name}-doc contains the MyProxy documentation.
%prep
%setup -q
+%%patch0
+%%patch1
%if 0%{?with_sysv}
cp -p %{SOURCE1} . #myproxy.init
cp -p %{SOURCE2} . #myproxy.sysconfig
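Review bot: The two added lines are written `%%patch0` and `%%patch1`, while `%setup -q` directly above uses a single percent; `%%` is normally the escape for a literal percent sign in a spec file. It is worth confirming in the build log that both patches are actually applied during %prep, because if they are skipped the package is built without the gsi_socket.c record-header change. If the doubling is unintended, `%patch0 -p0` and `%patch1 -p0` would match the rest of the section; the file paths inside both patches carry no leading directory.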
@@ -432,6 +443,9 @@ fi
%{_libdir}/pkgconfig/myproxy.pc
%changelog
+* Tue May 15 2012 Steve Traylen <steve.traylen at cern.ch> - 5.6-4
+- Add myproxy-ssl1-tls.patch and myproxy-ssl1-2048bits.patch.
+
* Mon Mar 5 2012 Steve Traylen <steve.traylen at cern.ch> - 5.6-3
- tmpfile.d configuration does not support comments and must
be 0644