Commit bc315402 authored by Leigh Stoller's avatar Leigh Stoller

Make sure our sys certs properly say version 3 instead of V1.

parent ede0034d
#
# Update ca.cnf so that geni certs are marked as version 3.
#
use strict;
use libinstall;
my $CACONF = "$TBROOT/lib/ssl/ca.cnf";
sub InstallUpdate($$)
{
my ($version, $phase) = @_;
#
# If something should run in the pre-install phase.
#
if ($phase eq "pre") {
Phase "ca.cnf", "Updating ssl CA config file", sub {
PhaseSkip("Already updated")
if (`grep 'Added for update 5.16' $CACONF`);
BackUpFileFatal($CACONF);
ExecQuietFatal("$GMAKE -C $TOP_OBJDIR/ssl ca.cnf");
# For impotent mode.
DiffFiles("$TOP_OBJDIR/ssl/ca.cnf", $CACONF);
ExecQuietFatal("$GMAKE -C $TOP_OBJDIR/ssl install-conf");
};
}
#
# If something should run in the post-install phase.
#
if ($phase eq "post") {
}
return 0;
}
1;
...@@ -121,6 +121,8 @@ preserve = no # keep passed DN ordering ...@@ -121,6 +121,8 @@ preserve = no # keep passed DN ordering
unique_subject = no unique_subject = no
copy_extensions = copy copy_extensions = copy
policy = policy_sslxmlrpc policy = policy_sslxmlrpc
# Added for update 5.16
x509_extensions = v3_ca # Need this to set the version number to 3
[ CA_crl ] [ CA_crl ]
dir = . # Where everything is kept dir = . # Where everything is kept
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment