/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to debian/mandos.lintian-overrides

  • Committer: Teddy Hogeborn
  • Date: 2015-03-10 18:52:09 UTC
  • mto: (237.7.304 trunk)
  • mto: This revision was merged to the branch mainline in revision 325.
  • Revision ID: teddy@recompile.se-20150310185209-lxuovbu09zwyk9bx
Automatically determine the number of DH bits in the TLS handshake.

Instead of using a default value of 1024, check the OpenPGP key and
determine an appropriate number of DH bits to use, (using GnuTLS
functions made for this).  Document this new default behavior.

* plugins.d/mandos-client.c (safe_string): New function.
  (init_gnutls_global): If not specified, determine the number of DH
                        bits to use, based on the OpenPGP key.
* plugins.d/mandos-client.xml (OPTIONS): Document this new default of
                                         the --dh-bits option.

Thanks to Andreas Fischer <af@bantuX.org> for reporting this issue.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
# it, so it must be kept unreadable for non-root users.
3
3
#
4
4
mandos binary: non-standard-file-perm etc/mandos/clients.conf 0600 != 0644
5
 
mandos: init.d-script-needs-depends-on-lsb-base etc/init.d/mandos (line 46)
6
 
 
7
 
# The debconf templates is only used for displaying information
8
 
# detected in the postinst, not for saving answers to questions, so we
9
 
# don't need a .config file.
10
 
mandos binary: no-debconf-config
11
 
 
12
 
# The notice displayed from the postinst script really is critical
13
 
mandos binary: postinst-uses-db-input