summaryrefslogtreecommitdiffstats
path: root/debian/patches/snakeoil-certs.diff
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 14:11:04 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 14:11:04 +0000
commita31a6484b79cf48b4b464a6ab84df3361801076e (patch)
treea7c33f7023721122d1f49ab1dffdc2cd6a8481a5 /debian/patches/snakeoil-certs.diff
parentAdding upstream version 3.2.3+dfsg. (diff)
downloadfreeradius-a31a6484b79cf48b4b464a6ab84df3361801076e.tar.xz
freeradius-a31a6484b79cf48b4b464a6ab84df3361801076e.zip
Adding debian version 3.2.3+dfsg-2.debian/3.2.3+dfsg-2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/snakeoil-certs.diff')
-rw-r--r--debian/patches/snakeoil-certs.diff132
1 files changed, 132 insertions, 0 deletions
diff --git a/debian/patches/snakeoil-certs.diff b/debian/patches/snakeoil-certs.diff
new file mode 100644
index 0000000..483527b
--- /dev/null
+++ b/debian/patches/snakeoil-certs.diff
@@ -0,0 +1,132 @@
+Description: Use snakeoil certificates.
+Author: Michael Stapelberg <stapelberg@debian.org>
+Last-Updated: 2016-09-16
+Forwarded: not-needed
+
+---
+
+--- a/raddb/mods-available/eap
++++ b/raddb/mods-available/eap
+@@ -176,7 +176,7 @@
+ #
+ tls-config tls-common {
+ private_key_password = whatever
+- private_key_file = ${certdir}/server.pem
++ private_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
+
+ # If Private key & Certificate are located in
+ # the same file, then private_key_file &
+@@ -212,7 +212,7 @@
+ # give advice which will work everywhere. Instead,
+ # we give general guidelines.
+ #
+- certificate_file = ${certdir}/server.pem
++ certificate_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
+
+ # Trusted Root CA list
+ #
+@@ -225,7 +225,7 @@
+ # In that case, this CA file should contain
+ # *one* CA certificate.
+ #
+- ca_file = ${cadir}/ca.pem
++ ca_file = /etc/ssl/certs/ca-certificates.crt
+
+ #
+ # Directory where multiple CAs are stored. Both
+--- a/raddb/mods-available/inner-eap
++++ b/raddb/mods-available/inner-eap
+@@ -59,7 +59,7 @@
+ #
+ tls {
+ private_key_password = whatever
+- private_key_file = ${certdir}/inner-server.pem
++ private_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
+
+ # If Private key & Certificate are located in
+ # the same file, then private_key_file &
+@@ -71,11 +71,11 @@
+ # only the server certificate, but ALSO all
+ # of the CA certificates used to sign the
+ # server certificate.
+- certificate_file = ${certdir}/inner-server.pem
++ certificate_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
+
+ # You may want different CAs for inner and outer
+ # certificates. If so, edit this file.
+- ca_file = ${cadir}/ca.pem
++ ca_file = /etc/ssl/certs/ca-certificates.crt
+
+ cipher_list = "DEFAULT"
+
+--- a/raddb/sites-available/abfab-tls
++++ b/raddb/sites-available/abfab-tls
+@@ -14,9 +14,9 @@
+ private_key_password = whatever
+
+ # Moonshot tends to distribute certs separate from keys
+- private_key_file = ${certdir}/server.key
+- certificate_file = ${certdir}/server.pem
+- ca_file = ${cadir}/ca.pem
++ private_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
++ certificate_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
++ ca_file = /etc/ssl/certs/ca-certificates.crt
+ dh_file = ${certdir}/dh
+ fragment_size = 8192
+ ca_path = ${cadir}
+--- a/raddb/sites-available/tls
++++ b/raddb/sites-available/tls
+@@ -161,7 +161,7 @@
+ #
+ tls {
+ private_key_password = whatever
+- private_key_file = ${certdir}/server.pem
++ private_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
+
+ # Accept an expired Certificate Revocation List
+ #
+@@ -177,7 +177,7 @@
+ # only the server certificate, but ALSO all
+ # of the CA certificates used to sign the
+ # server certificate.
+- certificate_file = ${certdir}/server.pem
++ certificate_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
+
+ # Trusted Root CA list
+ #
+@@ -194,7 +194,7 @@
+ # not use client certificates, and you do not want
+ # to permit EAP-TLS authentication, then delete
+ # this configuration item.
+- ca_file = ${cadir}/ca.pem
++ ca_file = /etc/ssl/certs/ca-certificates.crt
+
+ # For DH cipher suites to work in OpenSSL < 1.1.0,
+ # you have to run OpenSSL to create the DH file
+@@ -551,7 +551,7 @@
+ # hostname = "example.com"
+
+ private_key_password = whatever
+- private_key_file = ${certdir}/client.pem
++ private_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
+
+ # If Private key & Certificate are located in
+ # the same file, then private_key_file &
+@@ -563,7 +563,7 @@
+ # only the server certificate, but ALSO all
+ # of the CA certificates used to sign the
+ # server certificate.
+- certificate_file = ${certdir}/client.pem
++ certificate_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
+
+ # Trusted Root CA list
+ #
+@@ -580,7 +580,7 @@
+ # not use client certificates, and you do not want
+ # to permit EAP-TLS authentication, then delete
+ # this configuration item.
+- ca_file = ${cadir}/ca.pem
++ ca_file = /etc/ssl/certs/ca-certificates.crt
+
+ #
+ # Before version 3.2.1, outbound RadSec connections