Skip to content
Snippets Groups Projects
Commit 3bf2c6b3 authored by Rocky Automation's avatar Rocky Automation :tv:
Browse files

import openwsman-2.6.5-10.el8

parents
No related branches found
Tags imports/r9/python3.11-3.11.7-1.el9_4.1
No related merge requests found
Expand all Hide whitespace changes
Inline Side-by-side
Showing
with 523 additions and 0 deletions
.gitignore 0 → 100644
+ 2
0
View file @ 3bf2c6b3
SOURCES/openwsmand.8.gz
SOURCES/v2.6.5.tar.gz
.openwsman.checksum 0 → 100644
+ 1
0
View file @ 3bf2c6b3
Direct Git Import
.openwsman.metadata 0 → 100644
+ 2
0
View file @ 3bf2c6b3
9fd2fdef84c2f85e47d301c4f3d4fd8603bb663a14590cf1aaba1268fbf071f5 SOURCES/openwsmand.8.gz
e6ca56b6ed89253911744eedbd33434acb20db83fe3d2cb51e597971ee833a30 SOURCES/v2.6.5.tar.gz
SOURCES/openwsman-2.4.0-pamsetup.patch 0 → 100644
+ 16
0
View file @ 3bf2c6b3
diff -up openwsman-2.6.1/etc/pam/openwsman.pamsetup openwsman-2.6.1/etc/pam/openwsman
--- openwsman-2.6.1/etc/pam/openwsman.pamsetup 2015-08-27 15:46:46.000000000 +0200
+++ openwsman-2.6.1/etc/pam/openwsman 2015-08-31 16:08:28.166913889 +0200
@@ -1,7 +1,7 @@
#%PAM-1.0
-auth required pam_unix2.so nullok
+auth required pam_unix.so nullok
auth required pam_nologin.so
-account required pam_unix2.so
-password required pam_pwcheck.so nullok
-password required pam_unix2.so nullok use_first_pass use_authtok
-session required pam_unix2.so none
+account required pam_unix.so
+password required pam_pwquality.so
+password required pam_unix.so nullok use_first_pass use_authtok
+session required pam_unix.so
SOURCES/openwsman-2.4.12-ruby-binding-build.patch 0 → 100644
+ 12
0
View file @ 3bf2c6b3
diff -up openwsman-2.4.12/bindings/ruby/extconf.rb.orig openwsman-2.4.12/bindings/ruby/extconf.rb
--- openwsman-2.4.12/bindings/ruby/extconf.rb.orig 2015-02-09 09:28:58.232581263 +0100
+++ openwsman-2.4.12/bindings/ruby/extconf.rb 2015-02-09 09:38:22.836772879 +0100
@@ -32,7 +32,7 @@ swig = find_executable("swig")
raise "SWIG not found" unless swig
major, minor, path = RUBY_VERSION.split(".")
-raise "SWIG failed to run" unless system("#{swig} -ruby -autorename -DRUBY_VERSION=#{major}#{minor} -I. -I/usr/include/openwsman -o openwsman_wrap.c openwsman.i")
+raise "SWIG failed to run" unless system("#{swig} -ruby -autorename -DRUBY_VERSION=#{major}#{minor} -I. -I/usr/include/openwsman -I/builddir/build/BUILD/openwsman-2.6.5/include/ -o openwsman_wrap.c openwsman.i")
$CPPFLAGS = "-I/usr/include/openwsman -I.."
SOURCES/openwsman-2.6.2-openssl-1.1-fix.patch 0 → 100644
+ 162
0
View file @ 3bf2c6b3
diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.5/src/lib/wsman-curl-client-transport.c
--- openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig 2017-11-28 09:32:15.000000000 +0100
+++ openwsman-2.6.5/src/lib/wsman-curl-client-transport.c 2018-01-23 13:14:59.357153453 +0100
@@ -241,12 +241,20 @@ write_handler( void *ptr, size_t size, s
static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void *arg)
{
unsigned char *thumbprint = (unsigned char *)arg;
- X509 *cert = ctx->cert;
EVP_MD *tempDigest;
unsigned char tempFingerprint[EVP_MAX_MD_SIZE];
unsigned int tempFingerprintLen;
tempDigest = (EVP_MD*)EVP_sha1( );
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
+#else
+ X509 *cert = ctx->cert;
+#endif
+ if(!cert)
+ return 0;
+
if ( X509_digest(cert, tempDigest, tempFingerprint, &tempFingerprintLen ) <= 0)
return 0;
if(!memcmp(tempFingerprint, thumbprint, tempFingerprintLen))
diff -up openwsman-2.6.5/src/server/shttpd/compat_unix.h.orig openwsman-2.6.5/src/server/shttpd/compat_unix.h
--- openwsman-2.6.5/src/server/shttpd/compat_unix.h.orig 2017-11-28 09:32:15.000000000 +0100
+++ openwsman-2.6.5/src/server/shttpd/compat_unix.h 2018-01-23 13:14:59.357153453 +0100
@@ -27,10 +27,6 @@
pthread_create(&tid, NULL, (void *(*)(void *))a, c); } while (0)
#endif /* !NO_THREADS */
-#ifndef SSL_LIB
-#define SSL_LIB "libssl.so"
-#endif
-
#define DIRSEP '/'
#define IS_DIRSEP_CHAR(c) ((c) == '/')
#define O_BINARY 0
diff -up openwsman-2.6.5/src/server/shttpd/io_ssl.c.orig openwsman-2.6.5/src/server/shttpd/io_ssl.c
--- openwsman-2.6.5/src/server/shttpd/io_ssl.c.orig 2017-11-28 09:32:15.000000000 +0100
+++ openwsman-2.6.5/src/server/shttpd/io_ssl.c 2018-01-23 13:14:59.357153453 +0100
@@ -11,23 +11,6 @@
#include "defs.h"
#if !defined(NO_SSL)
-struct ssl_func ssl_sw[] = {
- {"SSL_free", {0}},
- {"SSL_accept", {0}},
- {"SSL_connect", {0}},
- {"SSL_read", {0}},
- {"SSL_write", {0}},
- {"SSL_get_error", {0}},
- {"SSL_set_fd", {0}},
- {"SSL_new", {0}},
- {"SSL_CTX_new", {0}},
- {"SSLv23_server_method", {0}},
- {"SSL_library_init", {0}},
- {"SSL_CTX_use_PrivateKey_file", {0}},
- {"SSL_CTX_use_certificate_file",{0}},
- {NULL, {0}}
-};
-
void
_shttpd_ssl_handshake(struct stream *stream)
{
diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c
--- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig 2017-11-28 09:32:15.000000000 +0100
+++ openwsman-2.6.5/src/server/shttpd/shttpd.c 2018-01-23 13:16:13.738228773 +0100
@@ -1476,20 +1476,14 @@ set_ssl(struct shttpd_ctx *ctx, const ch
int retval = FALSE;
EC_KEY* key;
- /* Load SSL library dynamically */
- if ((lib = dlopen(SSL_LIB, RTLD_LAZY)) == NULL) {
- _shttpd_elog(E_LOG, NULL, "set_ssl: cannot load %s", SSL_LIB);
- return (FALSE);
- }
-
- for (fp = ssl_sw; fp->name != NULL; fp++)
- if ((fp->ptr.v_void = dlsym(lib, fp->name)) == NULL) {
- _shttpd_elog(E_LOG, NULL,"set_ssl: cannot find %s", fp->name);
- return (FALSE);
- }
-
/* Initialize SSL crap */
+ debug("Initialize SSL");
+ SSL_load_error_strings();
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ OPENSSL_init_ssl(0, NULL);
+#else
SSL_library_init();
+#endif
if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL)
_shttpd_elog(E_LOG, NULL, "SSL_CTX_new error");
@@ -1532,7 +1526,11 @@ set_ssl(struct shttpd_ctx *ctx, const ch
if (strncasecmp(protocols[idx].name, ssl_disabled_protocols, blank_ptr-ssl_disabled_protocols) == 0) {
//_shttpd_elog(E_LOG, NULL, "SSL: disable %s protocol", protocols[idx].name);
debug("SSL: disable %s protocol", protocols[idx].name);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ SSL_CTX_set_options(CTX, protocols[idx].opt);
+#else
SSL_CTX_ctrl(CTX, SSL_CTRL_OPTIONS, protocols[idx].opt, NULL);
+#endif
break;
}
}
diff -up openwsman-2.6.5/src/server/shttpd/ssl.h.orig openwsman-2.6.5/src/server/shttpd/ssl.h
--- openwsman-2.6.5/src/server/shttpd/ssl.h.orig 2017-11-28 09:32:15.000000000 +0100
+++ openwsman-2.6.5/src/server/shttpd/ssl.h 2018-01-23 13:14:59.358153454 +0100
@@ -12,50 +12,4 @@
#include <openssl/ssl.h>
-#else
-
-/*
- * Snatched from OpenSSL includes. I put the prototypes here to be independent
- * from the OpenSSL source installation. Having this, shttpd + SSL can be
- * built on any system with binary SSL libraries installed.
- */
-
-typedef struct ssl_st SSL;
-typedef struct ssl_method_st SSL_METHOD;
-typedef struct ssl_ctx_st SSL_CTX;
-
-#define SSL_ERROR_WANT_READ 2
-#define SSL_ERROR_WANT_WRITE 3
-#define SSL_ERROR_SYSCALL 5
-#define SSL_FILETYPE_PEM 1
-
#endif
-
-/*
- * Dynamically loaded SSL functionality
- */
-struct ssl_func {
- const char *name; /* SSL function name */
- union variant ptr; /* Function pointer */
-};
-
-extern struct ssl_func ssl_sw[];
-
-#define FUNC(x) ssl_sw[x].ptr.v_func
-
-#define SSL_free(x) (* (void (*)(SSL *)) FUNC(0))(x)
-#define SSL_accept(x) (* (int (*)(SSL *)) FUNC(1))(x)
-#define SSL_connect(x) (* (int (*)(SSL *)) FUNC(2))(x)
-#define SSL_read(x,y,z) (* (int (*)(SSL *, void *, int)) FUNC(3))((x),(y),(z))
-#define SSL_write(x,y,z) \
- (* (int (*)(SSL *, const void *,int)) FUNC(4))((x), (y), (z))
-#define SSL_get_error(x,y)(* (int (*)(SSL *, int)) FUNC(5))((x), (y))
-#define SSL_set_fd(x,y) (* (int (*)(SSL *, int)) FUNC(6))((x), (y))
-#define SSL_new(x) (* (SSL * (*)(SSL_CTX *)) FUNC(7))(x)
-#define SSL_CTX_new(x) (* (SSL_CTX * (*)(SSL_METHOD *)) FUNC(8))(x)
-#define SSLv23_server_method() (* (SSL_METHOD * (*)(void)) FUNC(9))()
-#define SSL_library_init() (* (int (*)(void)) FUNC(10))()
-#define SSL_CTX_use_PrivateKey_file(x,y,z) (* (int (*)(SSL_CTX *, \
- const char *, int)) FUNC(11))((x), (y), (z))
-#define SSL_CTX_use_certificate_file(x,y,z) (* (int (*)(SSL_CTX *, \
- const char *, int)) FUNC(12))((x), (y), (z))
SOURCES/openwsman-2.6.5-CVE-2019-3816.patch 0 → 100644
+ 79
0
View file @ 3bf2c6b3
diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c
--- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig 2019-03-13 10:20:07.376527798 +0100
+++ openwsman-2.6.5/src/server/shttpd/shttpd.c 2019-03-13 10:20:07.380527801 +0100
@@ -336,10 +336,12 @@ date_to_epoch(const char *s)
}
static void
-remove_double_dots(char *s)
+remove_all_leading_dots(char *s)
{
char *p = s;
+ while (*s != '\0' && *s == '.') s++;
+
while (*s != '\0') {
*p++ = *s++;
if (s[-1] == '/' || s[-1] == '\\')
@@ -546,7 +548,7 @@ decide_what_to_do(struct conn *c)
*c->query++ = '\0';
_shttpd_url_decode(c->uri, strlen(c->uri), c->uri, strlen(c->uri) + 1);
- remove_double_dots(c->uri);
+ remove_all_leading_dots(c->uri);
root = c->ctx->options[OPT_ROOT];
if (strlen(c->uri) + strlen(root) >= sizeof(path)) {
@@ -556,6 +558,7 @@ decide_what_to_do(struct conn *c)
(void) _shttpd_snprintf(path, sizeof(path), "%s%s", root, c->uri);
+ DBG(("decide_what_to_do -> processed path: [%s]", path));
/* User may use the aliases - check URI for mount point */
if (is_alias(c->ctx, c->uri, &alias_uri, &alias_path) != NULL) {
(void) _shttpd_snprintf(path, sizeof(path), "%.*s%s",
@@ -572,7 +575,10 @@ decide_what_to_do(struct conn *c)
if ((ruri = _shttpd_is_registered_uri(c->ctx, c->uri)) != NULL) {
_shttpd_setup_embedded_stream(c,
ruri->callback, ruri->callback_data);
- } else
+ } else {
+ _shttpd_send_server_error(c, 403, "Forbidden");
+ }
+#if 0
if (strstr(path, HTPASSWD)) {
/* Do not allow to view passwords files */
_shttpd_send_server_error(c, 403, "Forbidden");
@@ -656,6 +662,7 @@ decide_what_to_do(struct conn *c)
} else {
_shttpd_send_server_error(c, 500, "Internal Error");
}
+#endif
}
static int
diff -up openwsman-2.6.5/src/server/wsmand.c.orig openwsman-2.6.5/src/server/wsmand.c
--- openwsman-2.6.5/src/server/wsmand.c.orig 2017-11-28 09:32:15.000000000 +0100
+++ openwsman-2.6.5/src/server/wsmand.c 2019-03-13 10:20:07.380527801 +0100
@@ -198,6 +198,10 @@ static void daemonize(void)
int fd;
char *pid;
+ /* Change our CWD to / */
+ i = chdir("/");
+ assert(i == 0);
+
if (wsmand_options_get_foreground_debug() > 0) {
return;
}
@@ -214,10 +218,6 @@ static void daemonize(void)
log_pid = 0;
setsid();
- /* Change our CWD to / */
- i=chdir("/");
- assert(i == 0);
-
/* Close all file descriptors. */
for (i = getdtablesize(); i >= 0; --i)
close(i);
SOURCES/openwsman-2.6.5-CVE-2019-3833.patch 0 → 100644
+ 94
0
View file @ 3bf2c6b3
diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c
--- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig 2020-05-11 11:10:04.783971915 +0200
+++ openwsman-2.6.5/src/server/shttpd/shttpd.c 2020-05-11 11:10:04.786971932 +0200
@@ -705,11 +705,11 @@ parse_http_request(struct conn *c)
_shttpd_send_server_error(c, 500, "Cannot allocate request");
}
+ io_inc_tail(&c->rem.io, req_len);
+
if (c->loc.flags & FLAG_CLOSED)
return;
- io_inc_tail(&c->rem.io, req_len);
-
DBG(("Conn %d: parsing request: [%.*s]", c->rem.chan.sock, req_len, s));
c->rem.flags |= FLAG_HEADERS_PARSED;
@@ -975,7 +975,7 @@ write_stream(struct stream *from, struct
}
-static void
+static int
connection_desctructor(struct llhead *lp)
{
struct conn *c = LL_ENTRY(lp, struct conn, link);
@@ -999,7 +999,8 @@ connection_desctructor(struct llhead *lp
* Check the "Connection: " header before we free c->request
* If it its 'keep-alive', then do not close the connection
*/
- do_close = (c->ch.connection.v_vec.len >= vec.len &&
+ do_close = c->rem.flags & FLAG_CLOSED ||
+ (c->ch.connection.v_vec.len >= vec.len &&
!_shttpd_strncasecmp(vec.ptr,c->ch.connection.v_vec.ptr,vec.len)) ||
(c->major_version < 1 ||
(c->major_version >= 1 && c->minor_version < 1));
@@ -1021,7 +1022,7 @@ connection_desctructor(struct llhead *lp
io_clear(&c->loc.io);
c->birth_time = _shttpd_current_time;
if (io_data_len(&c->rem.io) > 0)
- process_connection(c, 0, 0);
+ return 1;
} else {
if (c->rem.io_class != NULL)
c->rem.io_class->close(&c->rem);
@@ -1032,6 +1033,8 @@ connection_desctructor(struct llhead *lp
free(c);
}
+
+ return 0;
}
static void
@@ -1039,7 +1042,7 @@ worker_destructor(struct llhead *lp)
{
struct worker *worker = LL_ENTRY(lp, struct worker, link);
- free_list(&worker->connections, connection_desctructor);
+ free_list(&worker->connections, (void (*)(struct llhead *))connection_desctructor);
free(worker);
}
@@ -1072,6 +1075,8 @@ add_to_set(int fd, fd_set *set, int *max
static void
process_connection(struct conn *c, int remote_ready, int local_ready)
{
+again:
+
/* Read from remote end if it is ready */
if (remote_ready && io_space_len(&c->rem.io))
read_stream(&c->rem);
@@ -1100,7 +1105,11 @@ process_connection(struct conn *c, int r
if ((_shttpd_current_time > c->expire_time) ||
(c->rem.flags & FLAG_CLOSED) ||
((c->loc.flags & FLAG_CLOSED) && !io_data_len(&c->loc.io)))
- connection_desctructor(&c->link);
+ if (connection_desctructor(&c->link)) {
+ remote_ready = 0;
+ local_ready = 0;
+ goto again;
+ }
}
static int
@@ -1640,7 +1649,7 @@ worker_function(void *param)
while (worker->exit_flag == 0)
poll_worker(worker, 1000 * 10);
- free_list(&worker->connections, connection_desctructor);
+ free_list(&worker->connections, (void (*)(struct llhead *))connection_desctructor);
free(worker);
}
SOURCES/openwsman-2.6.5-fix-set-cipher-list-retval-check.patch 0 → 100644
+ 12
0
View file @ 3bf2c6b3
diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c
--- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig 2018-02-21 10:53:24.964163710 +0100
+++ openwsman-2.6.5/src/server/shttpd/shttpd.c 2018-02-21 10:53:31.854162875 +0100
@@ -1541,7 +1541,7 @@ set_ssl(struct shttpd_ctx *ctx, const ch
if (ssl_cipher_list) {
int rc = SSL_CTX_set_cipher_list(CTX, ssl_cipher_list);
- if (rc != 0) {
+ if (rc != 1) {
_shttpd_elog(E_LOG, NULL, "Failed to set SSL cipher list \"%s\"", ssl_cipher_list);
}
}
SOURCES/openwsman-2.6.5-http-status-line.patch 0 → 100644
+ 39
0
View file @ 3bf2c6b3
diff -up openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-listener.c.orig openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-listener.c
--- openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-listener.c.orig 2016-07-27 16:03:55.000000000 +0200
+++ openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-listener.c 2018-01-22 13:05:04.478923300 +0100
@@ -344,6 +344,35 @@ DONE:
if (fault_reason == NULL) {
// this is a way to segfault, investigate
//fault_reason = shttpd_reason_phrase(status);
+ // ugly workaround follows...
+ switch (status) {
+ case 200:
+ fault_reason = "OK";
+ break;
+ case 400:
+ fault_reason = "Bad request";
+ break;
+ case 401:
+ fault_reason = "Unauthorized";
+ break;
+ case 403:
+ fault_reason = "Forbidden";
+ break;
+ case 404:
+ fault_reason = "Not found";
+ break;
+ case 500:
+ fault_reason = "Internal Error";
+ break;
+ case 501:
+ fault_reason = "Not implemented";
+ break;
+ case 415:
+ fault_reason = "Unsupported Media Type";
+ break;
+ default:
+ fault_reason = "";
+ }
}
debug("Response status=%d (%s)", status, fault_reason);
SOURCES/openwsman-2.6.5-http-unauthorized-improve.patch 0 → 100644
+ 56
0
View file @ 3bf2c6b3
diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.5/src/lib/wsman-curl-client-transport.c
--- openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig 2022-09-08 10:36:46.265107915 +0200
+++ openwsman-2.6.5/src/lib/wsman-curl-client-transport.c 2022-09-08 10:36:46.273107919 +0200
@@ -452,6 +452,7 @@ wsmc_handler( WsManClient *cl,
long http_code;
long auth_avail = 0;
char *_user = NULL, *_pass = NULL;
+ int _no_auth = 0; /* 0 if authentication is used, 1 if no authentication was used */
u_buf_t *response = NULL;
//char *soapaction;
char *tmp_str = NULL;
@@ -551,6 +552,7 @@ wsmc_handler( WsManClient *cl,
_user = wsmc_get_user(cl);
_pass = wsmc_get_password(cl);
if (_user && _pass && cl->data.auth_set) {
+ _no_auth = 0;
r = curl_easy_setopt(curl, CURLOPT_HTTPAUTH, cl->data.auth_set);
if (r != CURLE_OK) {
cl->fault_string = u_strdup(curl_easy_strerror(r));
@@ -571,6 +573,11 @@ wsmc_handler( WsManClient *cl,
curl_err("curl_easy_setopt(curl, CURLOPT_USERPWD, ..) failed");
goto DONE;
}
+ } else {
+ /* request without user credentials, remember this for
+ * later use when it might become necessary to print an error message
+ */
+ _no_auth = 1;
}
if (wsman_debug_level_debugged(DEBUG_LEVEL_MESSAGE)) {
@@ -603,6 +610,24 @@ wsmc_handler( WsManClient *cl,
break;
case 401:
// The server requires authentication.
+ /* RFC 2616 states:
+ *
+ * If the request already included Authorization credentials, then the 401
+ * response indicates that authorization has been refused for those
+ * credentials. If the 401 response contains the same challenge as the
+ * prior response, and the user agent has already attempted
+ * authentication at least once, then the user SHOULD be presented the
+ * entity that was given in the response, since that entity might
+ * include relevant diagnostic information.
+ */
+ if (_no_auth == 0) {
+ /* no authentication credentials were used. It is only
+ * possible to write a message about the current situation. There
+ * is no information about the last attempt to access the resource.
+ * Maybe at a later point in time I will implement more state information.
+ */
+ fprintf(stdout,"Authentication failed, please retry\n");
+ }
break;
default:
// The status code does not indicate success.
SOURCES/openwsman-2.6.5-update-ssleay-conf.patch 0 → 100644
+ 15
0
View file @ 3bf2c6b3
diff -up openwsman-2.6.5/etc/ssleay.cnf.orig openwsman-2.6.5/etc/ssleay.cnf
--- openwsman-2.6.5/etc/ssleay.cnf.orig 2017-11-28 09:32:15.000000000 +0100
+++ openwsman-2.6.5/etc/ssleay.cnf 2023-07-10 10:00:44.713426317 +0200
@@ -2,10 +2,8 @@
# SSLeay example configuration file.
#
-RANDFILE = /dev/random
-
[ req ]
-default_bits = 1024
+default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
SOURCES/openwsmand.service 0 → 100644
+ 12
0
View file @ 3bf2c6b3
[Unit]
Description=Openwsman WS-Management Service
After=syslog.target
[Service]
Type=forking
ExecStart=/usr/sbin/openwsmand -S
ExecStartPre=/etc/openwsman/owsmantestcert.sh
PIDFile=/var/run/wsmand.pid
[Install]
WantedBy=multi-user.target
SOURCES/owsmantestcert.sh 0 → 100644
+ 21
0
View file @ 3bf2c6b3
#!/bin/bash
if [ ! -f "/etc/openwsman/serverkey.pem" ]; then
if [ -f "/etc/ssl/servercerts/servercert.pem" \
-a -f "/etc/ssl/servercerts/serverkey.pem" ]; then
echo "Using common server certificate /etc/ssl/servercerts/servercert.pem"
ln -s /etc/ssl/servercerts/server{cert,key}.pem /etc/openwsman
exit 0
else
echo "FAILED: Starting openwsman server"
echo "There is no ssl server key available for openwsman server to use."
echo -e "Please generate one with the following script and start the openwsman service again:\n"
echo "##################################"
echo "/etc/openwsman/owsmangencert.sh"
echo "================================="
echo "NOTE: The script uses /dev/random device for generating some random bits while generating the server key."
echo " If this takes too long, you can replace the value of \"RANDFILE\" in /etc/openwsman/ssleay.cnf with /dev/urandom. Please understand the implications of replacing the RNADFILE."
exit 1
fi
fi
SPECS/openwsman.spec 0 → 100644
+ 0
0
View file @ 3bf2c6b3
This diff is collapsed.
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment