* [PATCH 1/3] openssl: Add Shell-Script based c_rehash utility
2016-05-23 20:45 [PATCH 0/3] Improve SSL certificate handling Otavio Salvador
@ 2016-05-23 20:45 ` Otavio Salvador
2016-05-23 20:45 ` [PATCH 2/3] ca-certificates: Use " Otavio Salvador
` (2 subsequent siblings)
3 siblings, 0 replies; 8+ messages in thread
From: Otavio Salvador @ 2016-05-23 20:45 UTC (permalink / raw)
To: OpenEmbedded Core Mailing List; +Cc: Otavio Salvador
The PLD Linux distribution has ported the c_rehash[1] utility from Perl
to Shell-Script, allowing it to be shipped by default.
1. https://git.pld-linux.org/?p=packages/openssl.git;a=blob;f=openssl-c_rehash.sh;h=0ea22637ee6dbce845a9e2caf62540aaaf5d0761
The OpenSSL upstream intends[2] to convert the utility for C however
did not yet finished the conversion.
2. https://rt.openssl.org/Ticket/Display.html?id=2324
This patch adds this script and thus removed the Perl requirement for
it.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
---
meta/recipes-connectivity/openssl/openssl.inc | 9 +-
.../openssl/openssl/openssl-c_rehash.sh | 210 +++++++++++++++++++++
.../recipes-connectivity/openssl/openssl_1.0.2h.bb | 1 +
3 files changed, 215 insertions(+), 5 deletions(-)
create mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
index a5ddf4d..668e34e 100644
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -36,7 +36,7 @@ PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf"
FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
FILES_libssl = "${libdir}/libssl${SOLIBS}"
FILES_${PN} =+ " ${libdir}/ssl/*"
-FILES_${PN}-misc = "${libdir}/ssl/misc ${bindir}/c_rehash"
+FILES_${PN}-misc = "${libdir}/ssl/misc"
RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}"
# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
@@ -168,15 +168,14 @@ do_install () {
install -d ${D}${includedir}
cp --dereference -R include/openssl ${D}${includedir}
+ install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
+ sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
+
oe_multilib_header openssl/opensslconf.h
if [ "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then
- install -m 0755 ${S}/tools/c_rehash ${D}${bindir}
- sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${bindir}/c_rehash
sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
- # The c_rehash utility isn't installed by the normal installation process.
else
- rm -f ${D}${bindir}/c_rehash
rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
fi
}
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh b/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
new file mode 100644
index 0000000..0ea2263
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
@@ -0,0 +1,210 @@
+#!/bin/sh
+#
+# Ben Secrest <blsecres@gmail.com>
+#
+# sh c_rehash script, scan all files in a directory
+# and add symbolic links to their hash values.
+#
+# based on the c_rehash perl script distributed with openssl
+#
+# LICENSE: See OpenSSL license
+# ^^acceptable?^^
+#
+
+# default certificate location
+DIR=/etc/openssl
+
+# for filetype bitfield
+IS_CERT=$(( 1 << 0 ))
+IS_CRL=$(( 1 << 1 ))
+
+
+# check to see if a file is a certificate file or a CRL file
+# arguments:
+# 1. the filename to be scanned
+# returns:
+# bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
+#
+check_file()
+{
+ local IS_TYPE=0
+
+ # make IFS a newline so we can process grep output line by line
+ local OLDIFS=${IFS}
+ IFS=$( printf "\n" )
+
+ # XXX: could be more efficient to have two 'grep -m' but is -m portable?
+ for LINE in $( grep '^-----BEGIN .*-----' ${1} )
+ do
+ if echo ${LINE} \
+ | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
+ then
+ IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
+
+ if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
+ then
+ break
+ fi
+ elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
+ then
+ IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
+
+ if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
+ then
+ break
+ fi
+ fi
+ done
+
+ # restore IFS
+ IFS=${OLDIFS}
+
+ return ${IS_TYPE}
+}
+
+
+#
+# use openssl to fingerprint a file
+# arguments:
+# 1. the filename to fingerprint
+# 2. the method to use (x509, crl)
+# returns:
+# none
+# assumptions:
+# user will capture output from last stage of pipeline
+#
+fingerprint()
+{
+ ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
+}
+
+
+#
+# link_hash - create links to certificate files
+# arguments:
+# 1. the filename to create a link for
+# 2. the type of certificate being linked (x509, crl)
+# returns:
+# 0 on success, 1 otherwise
+#
+link_hash()
+{
+ local FINGERPRINT=$( fingerprint ${1} ${2} )
+ local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
+ local SUFFIX=0
+ local LINKFILE=''
+ local TAG=''
+
+ if [ ${2} = "crl" ]
+ then
+ TAG='r'
+ fi
+
+ LINKFILE=${HASH}.${TAG}${SUFFIX}
+
+ while [ -f ${LINKFILE} ]
+ do
+ if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
+ then
+ echo "WARNING: Skipping duplicate file ${1}" >&2
+ return 1
+ fi
+
+ SUFFIX=$(( ${SUFFIX} + 1 ))
+ LINKFILE=${HASH}.${TAG}${SUFFIX}
+ done
+
+ echo "${1} => ${LINKFILE}"
+
+ # assume any system with a POSIX shell will either support symlinks or
+ # do something to handle this gracefully
+ ln -s ${1} ${LINKFILE}
+
+ return 0
+}
+
+
+# hash_dir create hash links in a given directory
+hash_dir()
+{
+ echo "Doing ${1}"
+
+ cd ${1}
+
+ ls -1 * 2>/dev/null | while read FILE
+ do
+ if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
+ && [ -h "${FILE}" ]
+ then
+ rm ${FILE}
+ fi
+ done
+
+ ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE
+ do
+ check_file ${FILE}
+ local FILE_TYPE=${?}
+ local TYPE_STR=''
+
+ if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
+ then
+ TYPE_STR='x509'
+ elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
+ then
+ TYPE_STR='crl'
+ else
+ echo "WARNING: ${FILE} does not contain a certificate or CRL: skipping" >&2
+ continue
+ fi
+
+ link_hash ${FILE} ${TYPE_STR}
+ done
+}
+
+
+# choose the name of an ssl application
+if [ -n "${OPENSSL}" ]
+then
+ SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
+else
+ SSL_CMD=/usr/bin/openssl
+ OPENSSL=${SSL_CMD}
+ export OPENSSL
+fi
+
+# fix paths
+PATH=${PATH}:${DIR}/bin
+export PATH
+
+# confirm existance/executability of ssl command
+if ! [ -x ${SSL_CMD} ]
+then
+ echo "${0}: rehashing skipped ('openssl' program not available)" >&2
+ exit 0
+fi
+
+# determine which directories to process
+old_IFS=$IFS
+if [ ${#} -gt 0 ]
+then
+ IFS=':'
+ DIRLIST=${*}
+elif [ -n "${SSL_CERT_DIR}" ]
+then
+ DIRLIST=$SSL_CERT_DIR
+else
+ DIRLIST=${DIR}/certs
+fi
+
+IFS=':'
+
+# process directories
+for CERT_DIR in ${DIRLIST}
+do
+ if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
+ then
+ IFS=$old_IFS
+ hash_dir ${CERT_DIR}
+ IFS=':'
+ fi
+done
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
index ae65992..699fe62 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
@@ -13,6 +13,7 @@ export OE_LDFLAGS="${LDFLAGS}"
SRC_URI += "file://find.pl;subdir=${BP}/util/ \
file://run-ptest \
+ file://openssl-c_rehash.sh \
file://configure-targets.patch \
file://shared-libs.patch \
file://oe-ldflags.patch \
--
2.8.2
^ permalink raw reply related [flat|nested] 8+ messages in thread* [PATCH 2/3] ca-certificates: Use c_rehash utility
2016-05-23 20:45 [PATCH 0/3] Improve SSL certificate handling Otavio Salvador
2016-05-23 20:45 ` [PATCH 1/3] openssl: Add Shell-Script based c_rehash utility Otavio Salvador
@ 2016-05-23 20:45 ` Otavio Salvador
2016-05-23 20:45 ` [PATCH 3/3] openssl: Ensure SSL certificates are stored on sysconfdir Otavio Salvador
2016-05-26 13:41 ` [PATCH 0/3] Improve SSL certificate handling Richard Purdie
3 siblings, 0 replies; 8+ messages in thread
From: Otavio Salvador @ 2016-05-23 20:45 UTC (permalink / raw)
To: OpenEmbedded Core Mailing List; +Cc: Otavio Salvador
As now the c_rehash utility is available, we can use it. This removes
the patch to disable its usage allowing for a standard SSL behaviour.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
---
...01-update-ca-certificates-remove-c-rehash.patch | 46 ----------------------
.../ca-certificates/ca-certificates_20160104.bb | 1 -
2 files changed, 47 deletions(-)
delete mode 100644 meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch
deleted file mode 100644
index bf02723..0000000
--- a/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-Upstream-Status: Pending
-
-From 111e905fe931da1a3800accfc675cc01c8ee080c Mon Sep 17 00:00:00 2001
-From: Ulf Samuelsson <ulf@emagii.com>
-Date: Tue, 28 Feb 2012 06:42:58 +0100
-Subject: [PATCH] update-ca-certificates: remove c rehash
-
-Updated earlier patch to apply clean on 2012-02-12
-Signed-off-by: Ulf Samuelsson <ulf@emagii.com>
----
- sbin/update-ca-certificates | 20 ++++++++++----------
- 1 files changed, 10 insertions(+), 10 deletions(-)
-
-diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
-index 5375950..c567e3d 100755
---- a/sbin/update-ca-certificates
-+++ b/sbin/update-ca-certificates
-@@ -132,16 +132,16 @@ rm -f "$CERTBUNDLE"
- ADDED_CNT=$(wc -l < "$ADDED")
- REMOVED_CNT=$(wc -l < "$REMOVED")
-
--if [ "$ADDED_CNT" -gt 0 ] || [ "$REMOVED_CNT" -gt 0 ]
--then
-- # only run if set of files has changed
-- if [ "$verbose" = 0 ]
-- then
-- c_rehash . > /dev/null
-- else
-- c_rehash .
-- fi
--fi
-+#if [ "$ADDED_CNT" -gt 0 ] || [ "$REMOVED_CNT" -gt 0 ]
-+#then
-+# # only run if set of files has changed
-+# if [ "$verbose" = 0 ]
-+# then
-+# c_rehash . > /dev/null
-+# else
-+# c_rehash .
-+# fi
-+#fi
-
- chmod 0644 "$TEMPBUNDLE"
- mv -f "$TEMPBUNDLE" "$CERTBUNDLE"
---
-1.7.4.1
diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20160104.bb b/meta/recipes-support/ca-certificates/ca-certificates_20160104.bb
index e0f1939..871bc2e 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates_20160104.bb
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20160104.bb
@@ -14,7 +14,6 @@ DEPENDS_class-native = ""
SRCREV = "f54715702c5c0581c9461f78fd84e2c8d2ec243c"
SRC_URI = "git://anonscm.debian.org/collab-maint/ca-certificates.git \
- file://0001-update-ca-certificates-remove-c-rehash.patch \
file://0002-update-ca-certificates-use-SYSROOT.patch \
file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \
file://update-ca-certificates-support-Toybox.patch \
--
2.8.2
^ permalink raw reply related [flat|nested] 8+ messages in thread* [PATCH 3/3] openssl: Ensure SSL certificates are stored on sysconfdir
2016-05-23 20:45 [PATCH 0/3] Improve SSL certificate handling Otavio Salvador
2016-05-23 20:45 ` [PATCH 1/3] openssl: Add Shell-Script based c_rehash utility Otavio Salvador
2016-05-23 20:45 ` [PATCH 2/3] ca-certificates: Use " Otavio Salvador
@ 2016-05-23 20:45 ` Otavio Salvador
2016-05-26 13:41 ` [PATCH 0/3] Improve SSL certificate handling Richard Purdie
3 siblings, 0 replies; 8+ messages in thread
From: Otavio Salvador @ 2016-05-23 20:45 UTC (permalink / raw)
To: OpenEmbedded Core Mailing List; +Cc: Otavio Salvador
Debian and other generic distributions has moved the certificates for
sysconfdir (/etc/ssl) and made the libdir content to link for it.
This provides several advantages specially for read-only
rootfs. Another benefit is that it ensures foreign implementations
(e.g: BoringSSL, from Chromium, when running with OpenSSL backend for
the certificates) to find the content correctly.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
---
meta/recipes-connectivity/openssl/openssl.inc | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
index 668e34e..3412c66 100644
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -43,8 +43,8 @@ RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '',
# package RRECOMMENDS on this package. This will enable the configuration
# file to be installed for both the base openssl package and the libcrypto
# package since the base openssl package depends on the libcrypto package.
-FILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
-CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
+FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
RRECOMMENDS_libcrypto += "openssl-conf"
RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
@@ -178,6 +178,17 @@ do_install () {
else
rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
fi
+
+ # Create SSL structure
+ install -d ${D}${sysconfdir}/ssl/
+ mv ${D}${libdir}/ssl/openssl.cnf \
+ ${D}${libdir}/ssl/certs \
+ ${D}${libdir}/ssl/private \
+ \
+ ${D}${sysconfdir}/ssl/
+ ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs
+ ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private
+ ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf
}
do_install_ptest () {
@@ -191,7 +202,7 @@ do_install_ptest () {
cp -r certs ${D}${PTEST_PATH}
mkdir -p ${D}${PTEST_PATH}/apps
ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps
- ln -sf ${libdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
+ ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps
cp apps/server2.pem ${D}${PTEST_PATH}/apps
mkdir -p ${D}${PTEST_PATH}/util
--
2.8.2
^ permalink raw reply related [flat|nested] 8+ messages in thread* Re: [PATCH 0/3] Improve SSL certificate handling
2016-05-23 20:45 [PATCH 0/3] Improve SSL certificate handling Otavio Salvador
` (2 preceding siblings ...)
2016-05-23 20:45 ` [PATCH 3/3] openssl: Ensure SSL certificates are stored on sysconfdir Otavio Salvador
@ 2016-05-26 13:41 ` Richard Purdie
2016-05-27 9:55 ` Otavio Salvador
3 siblings, 1 reply; 8+ messages in thread
From: Richard Purdie @ 2016-05-26 13:41 UTC (permalink / raw)
To: Otavio Salvador, OpenEmbedded Core Mailing List
On Mon, 2016-05-23 at 17:45 -0300, Otavio Salvador wrote:
> This patchset leverage the OpenSSL certificate handling so it works
> aligned with Debian and other generic distributions regarding where
> the certificates are stored and how they are installed.
>
> This all started when debugging why SSL certificates were not working
> properly for a customer which was using QtWebEngine. It turned out to
> be the integration which was not complete so this patch addresses it.
>
>
> Otavio Salvador (3):
> openssl: Add Shell-Script based c_rehash utility
> ca-certificates: Use c_rehash utility
> openssl: Ensure SSL certificates are stored on sysconfdir
Initial tests were ok but we've just seen:
https://autobuilder.yoctoproject.org/main/builders/nightly-oecore/build
s/792/steps/BuildImages/logs/stdio
I've not looked into it but it would seem to implicate these patches :/
Cheers,
Richard
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [PATCH 0/3] Improve SSL certificate handling
2016-05-26 13:41 ` [PATCH 0/3] Improve SSL certificate handling Richard Purdie
@ 2016-05-27 9:55 ` Otavio Salvador
2016-05-27 10:10 ` Martin Jansa
0 siblings, 1 reply; 8+ messages in thread
From: Otavio Salvador @ 2016-05-27 9:55 UTC (permalink / raw)
To: Richard Purdie; +Cc: Otavio Salvador, OpenEmbedded Core Mailing List
On Thu, May 26, 2016 at 10:41 AM, Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
> On Mon, 2016-05-23 at 17:45 -0300, Otavio Salvador wrote:
>> This patchset leverage the OpenSSL certificate handling so it works
>> aligned with Debian and other generic distributions regarding where
>> the certificates are stored and how they are installed.
>>
>> This all started when debugging why SSL certificates were not working
>> properly for a customer which was using QtWebEngine. It turned out to
>> be the integration which was not complete so this patch addresses it.
>>
>>
>> Otavio Salvador (3):
>> openssl: Add Shell-Script based c_rehash utility
>> ca-certificates: Use c_rehash utility
>> openssl: Ensure SSL certificates are stored on sysconfdir
>
> Initial tests were ok but we've just seen:
>
> https://autobuilder.yoctoproject.org/main/builders/nightly-oecore/build
> s/792/steps/BuildImages/logs/stdio
>
> I've not looked into it but it would seem to implicate these patches :/
It does seem to be caused by it. I sent a v2 fixing it.
--
Otavio Salvador O.S. Systems
http://www.ossystems.com.br http://code.ossystems.com.br
Mobile: +55 (53) 9981-7854 Mobile: +1 (347) 903-9750
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 0/3] Improve SSL certificate handling
2016-05-27 9:55 ` Otavio Salvador
@ 2016-05-27 10:10 ` Martin Jansa
2016-05-27 10:28 ` Otavio Salvador
0 siblings, 1 reply; 8+ messages in thread
From: Martin Jansa @ 2016-05-27 10:10 UTC (permalink / raw)
To: Otavio Salvador; +Cc: Otavio Salvador, OpenEmbedded Core Mailing List
[-- Attachment #1: Type: text/plain, Size: 1332 bytes --]
On Fri, May 27, 2016 at 06:55:30AM -0300, Otavio Salvador wrote:
> On Thu, May 26, 2016 at 10:41 AM, Richard Purdie
> <richard.purdie@linuxfoundation.org> wrote:
> > On Mon, 2016-05-23 at 17:45 -0300, Otavio Salvador wrote:
> >> This patchset leverage the OpenSSL certificate handling so it works
> >> aligned with Debian and other generic distributions regarding where
> >> the certificates are stored and how they are installed.
> >>
> >> This all started when debugging why SSL certificates were not working
> >> properly for a customer which was using QtWebEngine. It turned out to
> >> be the integration which was not complete so this patch addresses it.
> >>
> >>
> >> Otavio Salvador (3):
> >> openssl: Add Shell-Script based c_rehash utility
> >> ca-certificates: Use c_rehash utility
> >> openssl: Ensure SSL certificates are stored on sysconfdir
> >
> > Initial tests were ok but we've just seen:
> >
> > https://autobuilder.yoctoproject.org/main/builders/nightly-oecore/build
> > s/792/steps/BuildImages/logs/stdio
> >
> > I've not looked into it but it would seem to implicate these patches :/
>
> It does seem to be caused by it. I sent a v2 fixing it.
v1 was already merged, so you might want to send just rebased fix
--
Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 188 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 0/3] Improve SSL certificate handling
2016-05-27 10:10 ` Martin Jansa
@ 2016-05-27 10:28 ` Otavio Salvador
0 siblings, 0 replies; 8+ messages in thread
From: Otavio Salvador @ 2016-05-27 10:28 UTC (permalink / raw)
To: Martin Jansa; +Cc: Otavio Salvador, OpenEmbedded Core Mailing List
On Fri, May 27, 2016 at 7:10 AM, Martin Jansa <martin.jansa@gmail.com> wrote:
> On Fri, May 27, 2016 at 06:55:30AM -0300, Otavio Salvador wrote:
>> On Thu, May 26, 2016 at 10:41 AM, Richard Purdie
>> <richard.purdie@linuxfoundation.org> wrote:
>> > On Mon, 2016-05-23 at 17:45 -0300, Otavio Salvador wrote:
>> >> This patchset leverage the OpenSSL certificate handling so it works
>> >> aligned with Debian and other generic distributions regarding where
>> >> the certificates are stored and how they are installed.
>> >>
>> >> This all started when debugging why SSL certificates were not working
>> >> properly for a customer which was using QtWebEngine. It turned out to
>> >> be the integration which was not complete so this patch addresses it.
>> >>
>> >>
>> >> Otavio Salvador (3):
>> >> openssl: Add Shell-Script based c_rehash utility
>> >> ca-certificates: Use c_rehash utility
>> >> openssl: Ensure SSL certificates are stored on sysconfdir
>> >
>> > Initial tests were ok but we've just seen:
>> >
>> > https://autobuilder.yoctoproject.org/main/builders/nightly-oecore/build
>> > s/792/steps/BuildImages/logs/stdio
>> >
>> > I've not looked into it but it would seem to implicate these patches :/
>>
>> It does seem to be caused by it. I sent a v2 fixing it.
>
> v1 was already merged, so you might want to send just rebased fix
Thanks; I sent a new patch for it.
--
Otavio Salvador O.S. Systems
http://www.ossystems.com.br http://code.ossystems.com.br
Mobile: +55 (53) 9981-7854 Mobile: +1 (347) 903-9750
^ permalink raw reply [flat|nested] 8+ messages in thread