/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to overview.xml

  • Committer: Teddy Hogeborn
  • Date: 2019-02-10 08:41:14 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 372.
  • Revision ID: teddy@recompile.se-20190210084114-u91mijrxtifvzra5
Bug fix: Only create TLS key with certtool, and read correct key file

* debian/mandos-client.postinst (create_keys): Remove any bad keys
                                               created by 1.8.0-1.
                                               Only create TLS keys if
                                               certtool succeeds.
* debian/mandos.postinst (configure): Remove any bad keys from
                                      clients.conf, and inform the
                                      user if any were found.
* debian/mandos.templates (mandos/removed_bad_key_ids): New message.
* mandos (MandosServer.handle_ipc): Do not trust a key_id with a known
                                    bad key ID.
* mandos-keygen (keygen): Only create TLS keys if certtool succeeds.
  (password): Bug fix: Generate key_id correctly, and only output
              key_id if TLS key exists.

Show diffs side-by-side

added added

removed removed

Lines of Context:
 
1
<?xml version="1.0" encoding="UTF-8"?>
 
2
<!DOCTYPE para PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
 
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
 
4
<para>
 
5
  This is part of the Mandos system for allowing computers to have
 
6
  encrypted root file systems and at the same time be capable of
 
7
  remote and/or unattended reboots.  The computers run a small client
 
8
  program in the initial <acronym>RAM</acronym> disk environment which
 
9
  will communicate with a server over a network.  All network
 
10
  communication is encrypted using <acronym>TLS</acronym>.  The
 
11
  clients are identified by the server using a TLS key; each client
 
12
  has one unique to it.  The server sends the clients an encrypted
 
13
  password.  The encrypted password is decrypted by the clients using
 
14
  a separate OpenPGP key, and the password is then used to unlock the
 
15
  root file system, whereupon the computers can continue booting
 
16
  normally.
 
17
</para>