CaROS/meta-openembedded
3
1
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-01-01 13:58:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

freeradius: fix the existed certificate error

Browse Source 
Fixes the occasional error:
 # cd /etc/raddb/certs
 # ./bootstrap
[snip]
openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr  -key 'whatever' -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
Using configuration from ./client.cnf
Check that the request matches the signature
Signature ok
ERROR:There is already a certificate for /C=FR/ST=Radius/O=Example Inc./CN=user@example.org/emailAddress=user@example.org
The matching entry has the following details
Type          :Valid
Expires on    :200908024833Z
Serial Number :02
File name     :unknown
Subject Name  :/C=FR/ST=Radius/O=Example Inc./CN=user@example.org/emailAddress=user@example.org
make: *** [Makefile:128: client.crt] Error 1

Add the check to fix the above error and it does the same for server.crt.

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0d7522b7df)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Mingli Yu 2020-07-13 15:55:32 +08:00 committed by Armin Kuster
parent 1e19fc4d9c
commit fd0d398fe7
2 changed files with 56 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
meta-networking/recipes-connectivity/freeradius/files/0001-raddb-certs-Makefile-fix-the-existed-certificate-err.patch Normal file
View File

@ -0,0 +1,55 @@
From 084f5467672f2ae37003b77e8f8706772f3da3ec Mon Sep 17 00:00:00 2001
From: Mingli Yu <mingli.yu@windriver.com>
Date: Mon, 13 Jul 2020 07:01:45 +0000
Subject: [PATCH] raddb/certs/Makefile: fix the existed certificate error
Fixes:
# ./bootstrap
[snip]
openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key 'whatever' -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
Using configuration from ./client.cnf
Check that the request matches the signature
Signature ok
ERROR:There is already a certificate for /C=FR/ST=Radius/O=Example Inc./CN=user@example.org/emailAddress=user@example.org
The matching entry has the following details
Type :Valid
Expires on :200908024833Z
Serial Number :02
File name :unknown
Subject Name :/C=FR/ST=Radius/O=Example Inc./CN=user@example.org/emailAddress=user@example.org
make: *** [Makefile:128: client.crt] Error 1
Add the check to fix the above error and it does the same for server.crt.
Upstream-Status: Pending
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
---
raddb/certs/Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/raddb/certs/Makefile b/raddb/certs/Makefile
index 5cbfd467ce..77eec9baa1 100644
--- a/raddb/certs/Makefile
+++ b/raddb/certs/Makefile
@@ -92,7 +92,7 @@ server.csr server.key: server.cnf
chmod g+r server.key
server.crt: server.csr ca.key ca.pem
- $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key $(PASSWORD_CA) -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf
+ @[ -f server.crt ] || $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key $(PASSWORD_CA) -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf
server.p12: server.crt
$(OPENSSL) pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
@@ -117,7 +117,7 @@ client.csr client.key: client.cnf
chmod g+r client.key
client.crt: client.csr ca.pem ca.key
- $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
+ @[ -f client.crt ] || $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
client.p12: client.crt
$(OPENSSL) pkcs12 -export -in client.crt -inkey client.key -out client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
--
2.26.2

1
meta-networking/recipes-connectivity/freeradius/freeradius_3.0.20.bb
View File

@ -27,6 +27,7 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.0.x;lfs=0
file://freeradius-fix-error-for-expansion-of-macro.patch \
file://0001-rlm_mschap-Use-includedir-instead-of-hardcoding-usr-.patch \
file://0001-rlm_python3-add-PY_INC_DIR-in-search-dir.patch \
file://0001-raddb-certs-Makefile-fix-the-existed-certificate-err.patch \
file://radiusd.service \
file://radiusd-volatiles.conf \
"