/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugin-runner.xml

  • Committer: Teddy Hogeborn
  • Date: 2015-07-20 03:03:33 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 325.
  • Revision ID: teddy@recompile.se-20150720030333-203m2aeblypcsfte
Bug fix for GnuTLS 3: be compatible with old 2048-bit DSA keys.

The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string.  This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:

SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256

* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
  (/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
                                      instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "plugin-runner">
5
 
<!ENTITY TIMESTAMP "2019-02-09">
 
5
<!ENTITY TIMESTAMP "2015-06-28">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
33
33
    <copyright>
34
34
      <year>2008</year>
35
35
      <year>2009</year>
36
 
      <year>2010</year>
37
 
      <year>2011</year>
38
36
      <year>2012</year>
39
 
      <year>2013</year>
40
 
      <year>2014</year>
41
 
      <year>2015</year>
42
 
      <year>2016</year>
43
 
      <year>2017</year>
44
 
      <year>2018</year>
45
37
      <holder>Teddy Hogeborn</holder>
46
38
      <holder>Björn Påhlsson</holder>
47
39
    </copyright>
546
538
            </para>
547
539
          </listitem>
548
540
        </varlistentry>
549
 
        <varlistentry>
550
 
          <term><filename class="directory"
551
 
          >/lib/mandos/plugins.d</filename></term>
552
 
          <listitem>
553
 
            <para>
554
 
              The default plugin directory; can be changed by the
555
 
              <option>--plugin-dir</option> option.
556
 
            </para>
557
 
          </listitem>
558
 
        </varlistentry>
559
 
        <varlistentry>
560
 
          <term><filename class="directory"
561
 
          >/lib/mandos/plugin-helpers</filename></term>
562
 
          <listitem>
563
 
            <para>
564
 
              The default plugin helper directory; can be changed by
565
 
              the <option>--plugin-helper-dir</option> option.
566
 
            </para>
567
 
          </listitem>
568
 
        </varlistentry>
569
541
      </variablelist>
570
542
    </para>
571
543
  </refsect1>
576
548
      The <option>--config-file</option> option is ignored when
577
549
      specified from within a configuration file.
578
550
    </para>
579
 
    <xi:include href="bugs.xml"/>
580
551
  </refsect1>
581
552
  
582
553
  <refsect1 id="examples">
634
605
      <para>
635
606
 
636
607
<!-- do not wrap this line -->
637
 
<userinput>cd /etc/keys/mandos; &COMMANDNAME;  --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/x86_64-linux-gnu/mandos/plugins.d --plugin-helper-dir /usr/lib/x86_64-linux-gnu/mandos/plugin-helpers --options-for=mandos-client:--pubkey=pubkey.txt,--seckey=seckey.txt,--tls-pubkey=tls-pubkey.pem,--tls-privkey=tls-privkey.pem</userinput>
 
608
<userinput>cd /etc/keys/mandos; &COMMANDNAME;  --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/x86_64-linux-gnu/mandos/plugins.d --plugin-helper-dir /usr/lib/x86_64-linux-gnu/mandos/plugin-helpers --options-for=mandos-client:--pubkey=pubkey.txt,--seckey=seckey.txt</userinput>
638
609
 
639
610
      </para>
640
611
    </informalexample>