From d614e8aa11f9520416f7ef10f93a29670efe1505 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Thu, 21 Sep 2017 14:55:16 -0400
Subject: Require sscg 2.2.0 for creating service and CA certificates together

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
---
 httpd-ssl-gencerts | 7 ++-----
 httpd.spec         | 7 +++++--
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/httpd-ssl-gencerts b/httpd-ssl-gencerts
index 67b6d9a..371a838 100755
--- a/httpd-ssl-gencerts
+++ b/httpd-ssl-gencerts
@@ -5,18 +5,15 @@ set -e
 FQDN=`hostname`
 
 if test -f /etc/pki/tls/certs/localhost.crt -o \
-        -f /etc/pki/tls/private/localhost.key -o \
-        -f /etc/pki/tls/certs/localhost-ca.crt; then
+        -f /etc/pki/tls/private/localhost.key; then
     exit 1
 fi
 
 sscg -q                                                             \
      --cert-file           /etc/pki/tls/certs/localhost.crt         \
      --cert-key-file       /etc/pki/tls/private/localhost.key       \
-     --ca-file             /etc/pki/tls/certs/localhost-ca.crt      \
+     --ca-file             /etc/pki/tls/certs/localhost.crt         \
      --lifetime            365                                      \
      --hostname            $FQDN                                    \
      --email               root@$FQDN
 
-# mod_ssl will send the CA cert if it's appended to the server cert.
-cat /etc/pki/tls/certs/localhost-ca.crt >> /etc/pki/tls/certs/localhost.crt
diff --git a/httpd.spec b/httpd.spec
index 65884a8..6cff5f7 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -13,7 +13,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.27
-Release: 10%{?dist}
+Release: 11%{?dist}
 URL: https://httpd.apache.org/
 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: index.html
@@ -158,7 +158,7 @@ BuildRequires: openssl-devel
 Requires(post): openssl, /bin/cat, hostname
 Requires(pre): httpd-filesystem
 Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
-Requires: sscg >= 2.1.0
+Requires: sscg >= 2.2.0
 Obsoletes: stronghold-mod_ssl
 # Require an OpenSSL which supports PROFILE=SYSTEM
 Conflicts: openssl-libs < 1:1.0.1h-4
@@ -689,6 +689,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_rpmconfigdir}/macros.d/macros.httpd
 
 %changelog
+* Thu Sep 21 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.4.27-11
+- Require sscg 2.2.0 for creating service and CA certificates together
+
 * Thu Sep 21 2017 Jeroen van Meeuwen <kanarip@fedoraproject.org> - 2.4.27-10
 - Address CVE-2017-9798 by applying patch from upstream (#1490344)
 
-- 
cgit