Do not create SHA-1 certificates anymore

as many systems in the world still default to create SHA-1 certs if
hash algorithm is not specified explicitly.
This commit is contained in:
Koichiro IWAO 2016-11-16 17:24:26 +09:00
parent 9deaa078fc
commit 7196094016

View File

@ -19,7 +19,7 @@ xrdpsysconfdir = $(sysconfdir)/xrdp
install-data-hook: install-data-hook:
umask 077 && \ umask 077 && \
if [ ! -f $(DESTDIR)$(xrdpsysconfdir)/rsakeys.ini ]; then ./xrdp-keygen xrdp $(DESTDIR)$(xrdpsysconfdir)/rsakeys.ini; fi && \ if [ ! -f $(DESTDIR)$(xrdpsysconfdir)/rsakeys.ini ]; then ./xrdp-keygen xrdp $(DESTDIR)$(xrdpsysconfdir)/rsakeys.ini; fi && \
if [ ! -f $(DESTDIR)$(xrdpsysconfdir)/cert.pem ]; then openssl req -x509 -newkey rsa:2048 -nodes -keyout $(DESTDIR)$(xrdpsysconfdir)/key.pem -out $(DESTDIR)$(xrdpsysconfdir)/cert.pem -days 365 -subj /C=US/ST=CA/L=Sunnyvale/O=xrdp/CN=www.xrdp.org; fi if [ ! -f $(DESTDIR)$(xrdpsysconfdir)/cert.pem ]; then openssl req -x509 -newkey rsa:2048 -sha256 -nodes -keyout $(DESTDIR)$(xrdpsysconfdir)/key.pem -out $(DESTDIR)$(xrdpsysconfdir)/cert.pem -days 365 -subj /C=US/ST=CA/L=Sunnyvale/O=xrdp/CN=www.xrdp.org; fi
uninstall-hook: uninstall-hook:
rm -f $(DESTDIR)$(xrdpsysconfdir)/rsakeys.ini rm -f $(DESTDIR)$(xrdpsysconfdir)/rsakeys.ini