[clc-devel] [CRUX] #30: [SECURITY] [PATCH] Fix openssl directory structure
#30: [SECURITY] [PATCH] Fix openssl directory structure
--------------------+-------------------------------------------------------
       Id:  30      |     Status:  new
Component:  ports   |   Modified:  Fri Dec 23 17:31:05 2005
 Severity:  normal  |  Milestone:
 Priority:  normal  |    Version:
    Owner:  per     |   Reporter:  centericq@ukr.net
--------------------+-------------------------------------------------------
The OpenSSL package lacks the /etc/ssl/newcerts directory, where the openssl utility creates new certificates. If the directory does not exist, it fails to sign server keys.

Also it will be nice to do this:

 mkdir -p $PKG/etc/ssl/newcerts
 touch $PKG/etc/ssl/index.txt
 echo "01" > $PKG/etc/ssl/serial

All filenames are taken from a standard configuration file.

It is wise to chmod 700 $PKG/etc/ssl/private to avoid access of normal users to secret keys.

Patch is here:

{{{ --- Pkgfile.old 2005-12-23 18:23:43.000000000 +0200 +++ Pkgfile 2005-12-23 18:28:15.000000000 +0200 @@ -2,7 +2,7 @@ name=openssl version=0.9.7i -release=1 +release=2 source=(http://www.openssl.org/source/$name-$version.tar.gz) build() { @@ -12,4 +12,9 @@ build() { make INSTALL_PREFIX=$PKG MANDIR=/usr/man MANSUFFIX=ssl install find $PKG -name "*fips*" -exec rm -f {} \; chmod -R +w $PKG + + mkdir -p $PKG/etc/ssl/newcerts + touch $PKG/etc/ssl/index.txt + echo "01" > $PKG/etc/ssl/serial + chmod 700 $PKG/etc/ssl/private } }}}

--
Ticket URL: <http://crux.nu/cgi-bin/trac.cgi/ticket/30>
CRUX <http://crux.nu/>
CRUX
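
Review bot: The added `touch $PKG/etc/ssl/index.txt` and `echo "01" > $PKG/etc/ssl/serial` lines in the second hunk put the CA's mutable state (the issued-certificate database and the next serial number) into the package itself, so whether upgrading the port replaces a live CA's `serial` with `01` depends entirely on how the package manager treats existing files under /etc. That should be confirmed before merging, since a reset counter means serial numbers get reissued. Separately, `chmod 700 $PKG/etc/ssl/private` assumes the `make ... install` step has already created that directory, and nothing in the visible lines creates it explicitly; `install -d -m 700 $PKG/etc/ssl/private` would create it with the intended mode in one step and not depend on the upstream install target.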