/mandos/trunk

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-clients.conf.xml

Committer: Teddy Hogeborn
Date: 2015-07-20 03:03:33 UTC
Revision ID: teddy@recompile.se-20150720030333-203m2aeblypcsfte

Bug fix for GnuTLS 3: be compatible with old 2048-bit DSA keys.

The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string.  This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:

SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256

* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
  (/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
                                      instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.

files removed:
bugs.xml

tmpfiles.d-mandos.conf

files modified:
DBUS-API

INSTALL

Makefile

NEWS

README

TODO

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/rules

initramfs-tools-hook

initramfs-tools-script

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d/bridge

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

mandos-clients.conf.xml

3

3

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

4

4

<!ENTITY CONFNAME "mandos-clients.conf">

5

5

<!ENTITY CONFPATH "<filename>/etc/mandos/clients.conf</filename>">

6

<!ENTITY TIMESTAMP "2017-02-23">

6

<!ENTITY TIMESTAMP "2014-06-22">

7

7

<!ENTITY % common SYSTEM "common.ent">

8

8

%common;

9

9

]>

37

37

<year>2010</year>

38

38

<year>2011</year>

39

39

<year>2012</year>

40

<year>2013</year>

41

<year>2014</year>

42

<year>2015</year>

43

<year>2016</year>

44

<year>2017</year>

45

40

<holder>Teddy Hogeborn</holder>

46

41

<holder>Björn Påhlsson</holder>

47

42

</copyright>

231

226

<para>

232

227

This option sets the OpenPGP fingerprint that identifies

233

228

the public key that clients authenticate themselves with

234

through TLS. The string needs to be in hexadecimal form,

229

through TLS. The string needs to be in hexidecimal form,

235

230

but spaces or upper/lower case are not significant.

236

231

</para>

237

232

</listitem>

464

459

<literal>%(<replaceable>foo</replaceable>)s</literal> is

465

460

obscure.

466

461

</para>

467

<xi:include href="bugs.xml"/>

468

462

</refsect1>

469

463

470

464

<refsect1 id="example">

Older »