freeradius2-2.1.12-4.el5_8.src.rpm

diff -u -r freeradius-server-2.1.12.orig/raddb/certs/bootstrap freeradius-server-2.1.12/raddb/certs/bootstrap
--- freeradius-server-2.1.12.orig/raddb/certs/bootstrap	2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12/raddb/certs/bootstrap	2012-01-05 16:41:25.593656314 -0500
@@ -13,6 +13,9 @@
 umask 027
 cd `dirname $0`
 
+# Configure openssl to use our random file, not $HOME/.rnd
+export RANDFILE=random
+
 make -h > /dev/null 2>&1
 
 #
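Review bot: The added `export RANDFILE=random` is a relative path, so it only names the seed file in the certs directory if the preceding `cd` succeeded, and that `cd` is unchecked. If it fails, openssl would read and write a file called `random` in whatever directory the script was started from. Guarding it with `cd "$(dirname "$0")" || exit 1` before the export keeps the seed file where the later `chmod 0640 random` expects it. The Makefile hunk that adds the same export depends on the working directory in the same way.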
@@ -80,3 +83,6 @@
 if [ ! -f client.crt ]; then
   openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr  -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
 fi
+
+chmod 0640 random || exit 1
+chown root:radiusd * || exit 1
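Review bot: `chown root:radiusd *` passes an unanchored glob, so a file whose name begins with `-` would be parsed as an option, and `*` skips dotfiles such as the `.rand` seed file that the .cnf files in this patch still name in `RANDFILE = $dir/.rand`. Writing it as `chown root:radiusd ./* || exit 1` removes the option-parsing risk. Whether `.rand` is ever created is not visible here, so confirm it ends up with the same owner and mode as `random`. The same glob appears in the `permissions` recipe added to the Makefile.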
diff -u -r freeradius-server-2.1.12.orig/raddb/certs/ca.cnf freeradius-server-2.1.12/raddb/certs/ca.cnf
--- freeradius-server-2.1.12.orig/raddb/certs/ca.cnf	2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12/raddb/certs/ca.cnf	2012-01-05 13:50:04.768217147 -0500
@@ -14,9 +14,9 @@
 RANDFILE		= $dir/.rand
 name_opt		= ca_default
 cert_opt		= ca_default
-default_days		= 365
+default_days		= 60
 default_crl_days	= 30
-default_md		= md5
+default_md		= sha1
 preserve		= no
 policy			= policy_match
 
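Review bot: `default_md = sha1` replaces MD5 with a digest that is itself deprecated for certificate signatures; if the OpenSSL on the target platform supports it, `default_md = sha256` would be the safer default. The same line is changed in client.cnf and server.cnf, and all three should move together. The drop to `default_days = 60` means certificates issued from these files stop validating after two months, so a comment next to the value would keep the expiry from being a surprise.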
diff -u -r freeradius-server-2.1.12.orig/raddb/certs/client.cnf freeradius-server-2.1.12/raddb/certs/client.cnf
--- freeradius-server-2.1.12.orig/raddb/certs/client.cnf	2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12/raddb/certs/client.cnf	2012-01-05 13:50:04.768217147 -0500
@@ -14,9 +14,9 @@
 RANDFILE		= $dir/.rand
 name_opt		= ca_default
 cert_opt		= ca_default
-default_days		= 365
+default_days		= 60
 default_crl_days	= 30
-default_md		= md5
+default_md		= sha1
 preserve		= no
 policy			= policy_match
 
diff -u -r freeradius-server-2.1.12.orig/raddb/certs/Makefile freeradius-server-2.1.12/raddb/certs/Makefile
--- freeradius-server-2.1.12.orig/raddb/certs/Makefile	2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12/raddb/certs/Makefile	2012-01-05 16:40:24.178295246 -0500
@@ -9,6 +9,9 @@
 #
 ######################################################################
 
+# Configure openssl to use our random file, not $HOME/.rnd
+export RANDFILE=random
+
 DH_KEY_SIZE	= 1024
 
 #
@@ -26,8 +29,8 @@
 #  Make the necessary files, but not client certificates.
 #
 ######################################################################
-.PHONY: all
-all: index.txt serial dh random server ca
+.PHONY: all permissions
+all: index.txt serial dh random server ca permissions
 
 .PHONY: client
 client: client.pem
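Review bot: Listing `permissions` as the last prerequisite of `all` does not order it after the others. Under `make -j` it can run before `random`, `server` or `ca` have produced their files, so the chmod may fail or the chown may miss files created afterwards. Declaring the dependency on the target itself, `permissions: index.txt serial dh random server ca`, makes the ordering explicit. The recipe for `permissions` is in the following hunk.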
@@ -121,6 +124,10 @@
 		date > ./random; \
 	fi
 
+permissions:
+	@chmod 0640 random
+	@chown root:radiusd *
+
 print:
 	openssl x509 -text -in server.crt
 
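Review bot: The `permissions` recipe sets a mode only on `random`, so the generated private keys keep whatever mode the invoking umask gave them. Unlike the bootstrap script, the Makefile lines shown here set no umask. If the Makefile can be run directly, an explicit chmod on the key files (for example `ca.key`, which the bootstrap script references) would make the result independent of the caller's umask. The leading `@` on both lines also hides the mode and ownership changes from the build output, which makes a failing chown harder to diagnose.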
diff -u -r freeradius-server-2.1.12.orig/raddb/certs/server.cnf freeradius-server-2.1.12/raddb/certs/server.cnf
--- freeradius-server-2.1.12.orig/raddb/certs/server.cnf	2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12/raddb/certs/server.cnf	2012-01-05 13:50:04.769217140 -0500
@@ -14,9 +14,9 @@
 RANDFILE		= $dir/.rand
 name_opt		= ca_default
 cert_opt		= ca_default
-default_days		= 365
+default_days		= 60
 default_crl_days	= 30
-default_md		= md5
+default_md		= sha1
 preserve		= no
 policy			= policy_match
 
diff -u -r freeradius-server-2.1.12.orig/raddb/eap.conf freeradius-server-2.1.12/raddb/eap.conf
--- freeradius-server-2.1.12.orig/raddb/eap.conf	2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12/raddb/eap.conf	2012-01-05 13:50:04.769217140 -0500
@@ -281,7 +281,11 @@
 			# for the server to print out an error message,
 			# and refuse to start.
 			#
-			make_cert_command = "${certdir}/bootstrap"
+			# Redhat RPM's run the bootstrap certificate creation
+			# as part of the RPM install (not upgrade), therefore
+			# the make_cert_command is commented out.
+			#
+			#make_cert_command = "${certdir}/bootstrap"
 
 			#
 			#  Elliptical cryptography configuration
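Review bot: The new comment explains why `make_cert_command` is disabled but not what that leaves the administrator with. The certificates are created once at RPM install, and with `default_days = 60` set elsewhere in this patch they would presumably expire two months later with nothing regenerating them. I would add a line such as `# The install-time certificates expire after 60 days; replace them before they lapse.` The enclosing configuration block starts and ends outside the hunk.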