GH1536: Install empty CT log list (c7af65c7) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Configurations/descrip.mms.tmpl

+6 −0

Original line number	Diff line number	Diff line
		@@ -383,6 +383,12 @@ install_ssldirs : check_INSTALLTOP
		IF F$SEARCH("OSSL_DATAROOT:[000000]openssl.cnf") .EQS. "" THEN -
		COPY/PROT=W:R {- sourcefile("apps", "openssl-vms.cnf") -} -
		ossl_dataroot:[000000]openssl.cnf
		@ ! Install CTLOG configuration file
		COPY/PROT=W:R {- sourcefile("apps", "ct_log_list.cnf") -} -
		ossl_dataroot:[000000]ct_log_list.cnf-dist
		IF F$SEARCH("OSSL_DATAROOT:[000000]ct_log_list.cnf") .EQS. "" THEN -
		COPY/PROT=W:R {- sourcefile("apps", "ct_log_list.cnf") -} -
		ossl_dataroot:[000000]ct_log_list.cnf

		install_shared : check_INSTALLTOP
		@ {- output_off() if $disabled{shared}; "" -} !

Configurations/unix-Makefile.tmpl

+10 −1

Original line number	Diff line number	Diff line
		@@ -350,11 +350,20 @@ install_ssldirs:
		@cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new
		@chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new
		@mv -f $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist
		@if ! [ -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf" ]; then \
		@if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf" ]; then \
		echo "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \
		cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \
		chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \
		fi
		@echo "install $(SRCDIR)/apps/ct_log_list.cnf -> $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist"
		@cp $(SRCDIR)/apps/ct_log_list.cnf $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new
		@chmod 644 $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new
		@mv -f $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist
		@if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf" ]; then \
		echo "install $(SRCDIR)/apps/ct_log_list.cnf -> $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf"; \
		cp $(SRCDIR)/apps/ct_log_list.cnf $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf; \
		chmod 644 $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf; \
		fi

		install_dev:
		@[ -n "$(INSTALLTOP)" ] \|\| (echo INSTALLTOP should not be empty; exit 1)

Configurations/windows-makefile.tmpl

+5 −0

Original line number	Diff line number	Diff line
		@@ -263,6 +263,11 @@ install_ssldirs:
		"$(OPENSSLDIR)\openssl.cnf"
		@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(MISC_SCRIPTS) \
		"$(OPENSSLDIR)\misc"
		@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\ct_log_list.cnf" \
		"$(OPENSSLDIR)\ct_log_list.cnf.dist"
		@IF NOT EXIST "$(OPENSSLDIR)\ct_log_list.cnf" \
		"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\ct_log_list.cnf" \
		"$(OPENSSLDIR)\ct_log_list.cnf"

		install_dev:
		@if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 )

apps/ct_log_list.cnf

+9 −34

Original line number	Diff line number	Diff line
		enabled_logs=pilot,aviator,rocketeer,digicert,certly,izempe,symantec,venafi

		[pilot]
		description = Google Pilot Log
		key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA==

		[aviator]
		description = Google Aviator log
		key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1/TMabLkDpCjiupacAlP7xNi0I1JYP8bQFAHDG1xhtolSY1l4QgNRzRrvSe8liE+NPWHdjGxfx3JhTsN9x8/6Q==

		[rocketeer]
		description = Google Rocketeer log
		key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIFsYyDzBi7MxCAC/oJBXK7dHjG+1aLCOkHjpoHPqTyghLpzA9BYbqvnV16mAw04vUjyYASVGJCUoI3ctBcJAeg==

		[digicert]
		description = DigiCert Log Server
		key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAkbFvhu7gkAW6MHSrBlpE1n4+HCFRkC5OLAjgqhkTH+/uzSfSl8ois8ZxAD2NgaTZe1M9akhYlrYkes4JECs6A==

		[certly]
		description = Certly.IO log
		key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECyPLhWKYYUgEc+tUXfPQB4wtGS2MNvXrjwFCCnyYJifBtd2Sk7Cu+Js9DNhMTh35FftHaHu6ZrclnNBKwmbbSA==

		[izempe]
		description = Izempe log
		key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJ2Q5DC3cUBj4IQCiDu0s6j51up+TZAkAEcQRF6tczw90rLWXkJMAW7jr9yc92bIKgV8vDXU4lDeZHvYHduDuvg==

		[symantec]
		description = Symantec log
		key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEluqsHEYMG1XcDfy1lCdGV0JwOmkY4r87xNuroPS2bMBTP01CEDPwWJePa75y9CrsHEKqAy8afig1dpkIPSEUhg==

		[venafi]
		description = Venafi log
		key = MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolpIHxdSlTXLo1s6H1OCdpSj/4DyHDc8wLG9wVmLqy1lk9fz4ATVmm+/1iN2Nk8jmctUKK2MFUtlWXZBSpym97M7frGlSaQXUWyA3CqQUEuIJOmlEjKTBEiQAvpfDjCHjlV2Be4qTM6jamkJbiWtgnYPhJL6ONaGTiSPm7Byy57iaz/hbckldSOIoRhYBiMzeNoA0DiRZ9KmfSeXZ1rB8y8X5urSW+iBzf2SaOfzBvDpcoTuAaWx2DPazoOl28fP1hZ+kHUYvxbcMjttjauCFx+JII0dmuZNIwjfeG/GBb9frpSX219k1O4Wi6OEbHEr8at/XQ0y7gTikOxBn/s5wQIDAQAB

		# This file specifies the Certificate Transparency logs
		# that are to be trusted.

		# Google's list of logs can be found here:
		# www.certificate-transparency.org/known-logs
		# A Python program to convert the log list to OpenSSL's format can be
		# found here:
		# https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py
		# Use the "--openssl_output" flag.