/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-ctl.xml

  • Committer: Teddy Hogeborn
  • Date: 2015-07-20 03:03:33 UTC
  • Revision ID: teddy@recompile.se-20150720030333-203m2aeblypcsfte
Bug fix for GnuTLS 3: be compatible with old 2048-bit DSA keys.

The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string.  This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:

SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256

* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
  (/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
                                      instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-ctl">
5
 
<!ENTITY TIMESTAMP "2011-02-27">
 
5
<!ENTITY TIMESTAMP "2012-06-22">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
19
19
        <firstname>Björn</firstname>
20
20
        <surname>Påhlsson</surname>
21
21
        <address>
22
 
          <email>belorn@fukt.bsnet.se</email>
 
22
          <email>belorn@recompile.se</email>
23
23
        </address>
24
24
      </author>
25
25
      <author>
26
26
        <firstname>Teddy</firstname>
27
27
        <surname>Hogeborn</surname>
28
28
        <address>
29
 
          <email>teddy@fukt.bsnet.se</email>
 
29
          <email>teddy@recompile.se</email>
30
30
        </address>
31
31
      </author>
32
32
    </authorgroup>
33
33
    <copyright>
34
34
      <year>2010</year>
35
35
      <year>2011</year>
 
36
      <year>2012</year>
36
37
      <holder>Teddy Hogeborn</holder>
37
38
      <holder>Björn Påhlsson</holder>
38
39
    </copyright>
95
96
      </group>
96
97
      <sbr/>
97
98
      <group>
 
99
        <arg choice="plain"><option>--extended-timeout
 
100
        <replaceable>TIME</replaceable></option></arg>
 
101
      </group>
 
102
      <sbr/>
 
103
      <group>
98
104
        <arg choice="plain"><option>--interval
99
105
        <replaceable>TIME</replaceable></option></arg>
100
106
        <arg choice="plain"><option>-i
189
195
        <arg choice="plain"><option>-v</option></arg>
190
196
      </group>
191
197
    </cmdsynopsis>
 
198
    <cmdsynopsis>
 
199
      <command>&COMMANDNAME;</command>
 
200
      <arg choice="plain"><option>--check</option></arg>
 
201
    </cmdsynopsis>
192
202
  </refsynopsisdiv>
193
203
  
194
204
  <refsect1 id="description">
318
328
          </para>
319
329
        </listitem>
320
330
      </varlistentry>
 
331
 
 
332
      <varlistentry>
 
333
        <term><option>--extended-timeout
 
334
        <replaceable>TIME</replaceable></option></term>
 
335
        <listitem>
 
336
          <para>
 
337
            Set the <varname>extended_timeout</varname> option of the
 
338
            specified client(s); see <citerefentry><refentrytitle
 
339
            >mandos-clients.conf</refentrytitle><manvolnum
 
340
            >5</manvolnum></citerefentry>.
 
341
          </para>
 
342
        </listitem>
 
343
      </varlistentry>
321
344
      
322
345
      <varlistentry>
323
346
        <term><option>--interval
457
480
        </listitem>
458
481
      </varlistentry>
459
482
      
 
483
      <varlistentry>
 
484
        <term><option>--check</option></term>
 
485
        <listitem>
 
486
          <para>
 
487
            Run self-tests.  This includes any unit tests, etc.
 
488
          </para>
 
489
        </listitem>
 
490
      </varlistentry>
 
491
      
460
492
    </variablelist>
461
493
  </refsect1>
462
494
  
554
586
  <refsect1 id="see_also">
555
587
    <title>SEE ALSO</title>
556
588
    <para>
 
589
      <citerefentry><refentrytitle>intro</refentrytitle>
 
590
      <manvolnum>8mandos</manvolnum></citerefentry>,
557
591
      <citerefentry><refentrytitle>mandos</refentrytitle>
558
592
      <manvolnum>8</manvolnum></citerefentry>,
559
593
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>