Attached are 2 files. openssl-CA.pl.diff fixes Configure and CA.pl so
that /usr/local/bin/perl5 gets replaced with where perl really is (just
like der_chop).
openssl.spec is a much nicer RPM spec file for 0.9.4 than any I've seen
elsewere. Feel free to include it or not, makes no difference to me.
Just leave credits intact.
-- Peter
diff -N -u -r openssl-0.9.4.old/Configure openssl-0.9.4/Configure
--- openssl-0.9.4.old/Configure Sun Aug 8 07:56:29 1999
+++ openssl-0.9.4/Configure Sun Jan 2 20:06:47 2000
@@ -733,9 +733,11 @@
&dofile("tools/c_rehash",$openssldir,'^DIR=', 'DIR=%s',);
if ( $perl =~ m@^/@) {
&dofile("apps/der_chop",$perl,'^#!/', '#!%s');
+ &dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
} else {
# No path for Perl known ...
&dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
+ &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
}
}
diff -N -u -r openssl-0.9.4.old/apps/CA.pl openssl-0.9.4/apps/CA.pl
--- openssl-0.9.4.old/apps/CA.pl Wed May 19 22:09:46 1999
+++ openssl-0.9.4/apps/CA.pl Sun Jan 2 20:07:28 2000
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl
+#!/usr/local/bin/perl5
#
# CA - wrapper around ca to make it easier to use ... basically ca requires
# some setup stuff to be done before you can use it and this makes
diff -N -u -r openssl-0.9.4.old/apps/CA.pl.in openssl-0.9.4/apps/CA.pl.in
--- openssl-0.9.4.old/apps/CA.pl.in Wed Dec 31 19:00:00 1969
+++ openssl-0.9.4/apps/CA.pl.in Sun Jan 2 20:05:26 2000
@@ -0,0 +1,153 @@
+#!/usr/local/bin/perl
+#
+# CA - wrapper around ca to make it easier to use ... basically ca requires
+# some setup stuff to be done before you can use it and this makes
+# things easier between now and when Eric is convinced to fix it :-)
+#
+# CA -newca ... will setup the right stuff
+# CA -newreq ... will generate a certificate request
+# CA -sign ... will sign the generated request and output
+#
+# At the end of that grab newreq.pem and newcert.pem (one has the key
+# and the other the certificate) and cat them together and that is what
+# you want/need ... I'll make even this a little cleaner later.
+#
+#
+# 12-Jan-96 tjh Added more things ... including CA -signcert which
+# converts a certificate to a request and then signs it.
+# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
+# environment variable so this can be driven from
+# a script.
+# 25-Jul-96 eay Cleaned up filenames some more.
+# 11-Jun-96 eay Fixed a few filename missmatches.
+# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
+# 18-Apr-96 tjh Original hacking
+#
+# Tim Hudson
+# [EMAIL PROTECTED]
+#
+
+# 27-Apr-98 snh Translation into perl, fix existing CA bug.
+#
+#
+# Steve Henson
+# [EMAIL PROTECTED]
+
+# default openssl.cnf file has setup as per the following
+# demoCA ... where everything is stored
+
+$DAYS="-days 365";
+$REQ="openssl req $SSLEAY_CONFIG";
+$CA="openssl ca $SSLEAY_CONFIG";
+$VERIFY="openssl verify";
+$X509="openssl x509";
+
+$CATOP="./demoCA";
+$CAKEY="cakey.pem";
+$CACERT="cacert.pem";
+
+$DIRMODE = 0777;
+
+$RET = 0;
+
+foreach (@ARGV) {
+ if ( /^(-\?|-h|-help)$/ ) {
+ print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+ exit 0;
+ } elsif (/^-newcert$/) {
+ # create a certificate
+ system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
+ $RET=$?;
+ print "Certificate (and private key) is in newreq.pem\n"
+ } elsif (/^-newreq$/) {
+ # create a certificate request
+ system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
+ $RET=$?;
+ print "Request (and private key) is in newreq.pem\n";
+ } elsif (/^-newca$/) {
+ # if explictly asked for or it doesn't exist then setup the
+ # directory structure that Eric likes to manage things
+ $NEW="1";
+ if ( "$NEW" || ! -f "${CATOP}/serial" ) {
+ # create the directory hierarchy
+ mkdir $CATOP, $DIRMODE;
+ mkdir "${CATOP}/certs", $DIRMODE;
+ mkdir "${CATOP}/crl", $DIRMODE ;
+ mkdir "${CATOP}/newcerts", $DIRMODE;
+ mkdir "${CATOP}/private", $DIRMODE;
+ open OUT, ">${CATOP}/serial";
+ print OUT "01\n";
+ close OUT;
+ open OUT, ">${CATOP}/index.txt";
+ close OUT;
+ }
+ if ( ! -f "${CATOP}/private/$CAKEY" ) {
+ print "CA certificate filename (or enter to create)\n";
+ $FILE = <STDIN>;
+
+ chop $FILE;
+
+ # ask user for existing CA certificate
+ if ($FILE) {
+ cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
+ cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
+ $RET=$?;
+ } else {
+ print "Making CA certificate ...\n";
+ system ("$REQ -new -x509 -keyout " .
+ "${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS");
+ $RET=$?;
+ }
+ }
+ } elsif (/^-xsign$/) {
+ system ("$CA -policy policy_anything -infiles newreq.pem");
+ $RET=$?;
+ } elsif (/^(-sign|-signreq)$/) {
+ system ("$CA -policy policy_anything -out newcert.pem " .
+ "-infiles newreq.pem");
+ $RET=$?;
+ print "Signed certificate is in newcert.pem\n";
+ } elsif (/^-signcert$/) {
+ system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
+ "-out tmp.pem");
+ system ("$CA -policy policy_anything -out newcert.pem " .
+ "-infiles tmp.pem");
+ $RET = $?;
+ print "Signed certificate is in newcert.pem\n";
+ } elsif (/^-verify$/) {
+ if (shift) {
+ foreach $j (@ARGV) {
+ system ("$VERIFY -CAfile $CATOP/$CACERT $j");
+ $RET=$? if ($? != 0);
+ }
+ exit $RET;
+ } else {
+ system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
+ $RET=$?;
+ exit 0;
+ }
+ } else {
+ print STDERR "Unknown arg $_\n";
+ print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+ exit 1;
+ }
+}
+
+exit $RET;
+
+sub cp_pem {
+my ($infile, $outfile, $bound) = @_;
+open IN, $infile;
+open OUT, ">$outfile";
+my $flag = 0;
+while (<IN>) {
+ $flag = 1 if (/^-----BEGIN.*$bound/) ;
+ print OUT $_ if ($flag);
+ if (/^-----END.*$bound/) {
+ close IN;
+ close OUT;
+ return;
+ }
+}
+}
+
Summary: OpenSSL
%define name openssl
%define version 0.9.4
%define release 2
Name: %{name}
Version: %{version}
Release: %{release}
Group: Security/Encryption
Packager: Peter Jones <[EMAIL PROTECTED]>
Source: http://www.openssl.org/source/%{name}-%{version}.tar.gz
Patch: openssl-CA.pl.diff
Copyright: Dual License (OpenSSL and SSLeay) bsdstyle Open Source
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-root
Provides: SSL
%description
openssl contains the SSL binaries and libraries required for SSL apps like Apache.
%package devel
Summary: Development libraries for openssl.
Group: Development/Libraries
%description devel
development libraries for openssl.
%changelog
* Sun Jan 2 2000 Peter Jones <[EMAIL PROTECTED]>
- rebuilt this spec from scratch after looking at Sean P. Kane's spec.
this one does things different in several places.
%prep
%setup -q
%patch -p1
%build
rm -rf $RPM_BUILD_ROOT
CFLAGS="${RPM_OPT_FLAGS}" ./config --prefix=/usr
make
make rehash
make test
%install
if [ -d $RPM_BUILD_ROOT ]; then rm -rf $RPM_BUILD_ROOT ; fi
make INSTALL_PREFIX=$RPM_BUILD_ROOT install
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files
%defattr(-,root,root)
%doc CHANGES
%doc CHANGES.SSLeay
%doc INSTALL
%doc INSTALL.W32
%doc LICENSE
%doc README
%doc NEWS
%doc $RPM_BUILD_DIR/%{name}-%{version}/doc/*
%dir /usr/ssl/certs
%dir /usr/ssl/lib
%dir /usr/ssl/private
%config /usr/ssl/openssl.cnf
/usr/ssl/misc/*
/usr/bin/*
%files devel
%defattr(-,root,root)
/usr/lib/*
/usr/include/openssl/*.h
%clean
rm -rf $RPM_BUILD_ROOT
