diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 14:11:04 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 14:11:04 +0000 |
commit | a31a6484b79cf48b4b464a6ab84df3361801076e (patch) | |
tree | a7c33f7023721122d1f49ab1dffdc2cd6a8481a5 /debian/patches/snakeoil-certs.diff | |
parent | Adding upstream version 3.2.3+dfsg. (diff) | |
download | freeradius-a31a6484b79cf48b4b464a6ab84df3361801076e.tar.xz freeradius-a31a6484b79cf48b4b464a6ab84df3361801076e.zip |
Adding debian version 3.2.3+dfsg-2.debian/3.2.3+dfsg-2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/snakeoil-certs.diff')
-rw-r--r-- | debian/patches/snakeoil-certs.diff | 132 |
1 files changed, 132 insertions, 0 deletions
diff --git a/debian/patches/snakeoil-certs.diff b/debian/patches/snakeoil-certs.diff new file mode 100644 index 0000000..483527b --- /dev/null +++ b/debian/patches/snakeoil-certs.diff @@ -0,0 +1,132 @@ +Description: Use snakeoil certificates. +Author: Michael Stapelberg <stapelberg@debian.org> +Last-Updated: 2016-09-16 +Forwarded: not-needed + +--- + +--- a/raddb/mods-available/eap ++++ b/raddb/mods-available/eap +@@ -176,7 +176,7 @@ + # + tls-config tls-common { + private_key_password = whatever +- private_key_file = ${certdir}/server.pem ++ private_key_file = /etc/ssl/private/ssl-cert-snakeoil.key + + # If Private key & Certificate are located in + # the same file, then private_key_file & +@@ -212,7 +212,7 @@ + # give advice which will work everywhere. Instead, + # we give general guidelines. + # +- certificate_file = ${certdir}/server.pem ++ certificate_file = /etc/ssl/certs/ssl-cert-snakeoil.pem + + # Trusted Root CA list + # +@@ -225,7 +225,7 @@ + # In that case, this CA file should contain + # *one* CA certificate. + # +- ca_file = ${cadir}/ca.pem ++ ca_file = /etc/ssl/certs/ca-certificates.crt + + # + # Directory where multiple CAs are stored. Both +--- a/raddb/mods-available/inner-eap ++++ b/raddb/mods-available/inner-eap +@@ -59,7 +59,7 @@ + # + tls { + private_key_password = whatever +- private_key_file = ${certdir}/inner-server.pem ++ private_key_file = /etc/ssl/private/ssl-cert-snakeoil.key + + # If Private key & Certificate are located in + # the same file, then private_key_file & +@@ -71,11 +71,11 @@ + # only the server certificate, but ALSO all + # of the CA certificates used to sign the + # server certificate. +- certificate_file = ${certdir}/inner-server.pem ++ certificate_file = /etc/ssl/certs/ssl-cert-snakeoil.pem + + # You may want different CAs for inner and outer + # certificates. If so, edit this file. +- ca_file = ${cadir}/ca.pem ++ ca_file = /etc/ssl/certs/ca-certificates.crt + + cipher_list = "DEFAULT" + +--- a/raddb/sites-available/abfab-tls ++++ b/raddb/sites-available/abfab-tls +@@ -14,9 +14,9 @@ + private_key_password = whatever + + # Moonshot tends to distribute certs separate from keys +- private_key_file = ${certdir}/server.key +- certificate_file = ${certdir}/server.pem +- ca_file = ${cadir}/ca.pem ++ private_key_file = /etc/ssl/private/ssl-cert-snakeoil.key ++ certificate_file = /etc/ssl/certs/ssl-cert-snakeoil.pem ++ ca_file = /etc/ssl/certs/ca-certificates.crt + dh_file = ${certdir}/dh + fragment_size = 8192 + ca_path = ${cadir} +--- a/raddb/sites-available/tls ++++ b/raddb/sites-available/tls +@@ -161,7 +161,7 @@ + # + tls { + private_key_password = whatever +- private_key_file = ${certdir}/server.pem ++ private_key_file = /etc/ssl/private/ssl-cert-snakeoil.key + + # Accept an expired Certificate Revocation List + # +@@ -177,7 +177,7 @@ + # only the server certificate, but ALSO all + # of the CA certificates used to sign the + # server certificate. +- certificate_file = ${certdir}/server.pem ++ certificate_file = /etc/ssl/certs/ssl-cert-snakeoil.pem + + # Trusted Root CA list + # +@@ -194,7 +194,7 @@ + # not use client certificates, and you do not want + # to permit EAP-TLS authentication, then delete + # this configuration item. +- ca_file = ${cadir}/ca.pem ++ ca_file = /etc/ssl/certs/ca-certificates.crt + + # For DH cipher suites to work in OpenSSL < 1.1.0, + # you have to run OpenSSL to create the DH file +@@ -551,7 +551,7 @@ + # hostname = "example.com" + + private_key_password = whatever +- private_key_file = ${certdir}/client.pem ++ private_key_file = /etc/ssl/private/ssl-cert-snakeoil.key + + # If Private key & Certificate are located in + # the same file, then private_key_file & +@@ -563,7 +563,7 @@ + # only the server certificate, but ALSO all + # of the CA certificates used to sign the + # server certificate. +- certificate_file = ${certdir}/client.pem ++ certificate_file = /etc/ssl/certs/ssl-cert-snakeoil.pem + + # Trusted Root CA list + # +@@ -580,7 +580,7 @@ + # not use client certificates, and you do not want + # to permit EAP-TLS authentication, then delete + # this configuration item. +- ca_file = ${cadir}/ca.pem ++ ca_file = /etc/ssl/certs/ca-certificates.crt + + # + # Before version 3.2.1, outbound RadSec connections |