Viewing changes to plugins.d/mandos-client.c

  • Committer: Teddy Hogeborn
  • Date: 2015-07-20 03:03:33 UTC
  • Revision ID: teddy@recompile.se-20150720030333-203m2aeblypcsfte
Bug fix for GnuTLS 3: be compatible with old 2048-bit DSA keys.

The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string.  This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:

SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256

* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
  (/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
                                      instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.

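--- a/plugins.d/mandos-client.c
+++ b/plugins.d/mandos-client.c
@@ -954,6 +954,7 @@
                                                    helper, O_RDONLY));
     if(helper_fd == -1){
       perror_plus("openat");
+      close(helperdir_fd);
       _exit(EX_UNAVAILABLE);
     }
     close(helperdir_fd);
@@ -2287,9 +2288,10 @@
 
 int main(int argc, char *argv[]){
   mandos_context mc = { .server = NULL, .dh_bits = 0,
-                        .priority = "SECURE256:!CTYPE-X.509:"
-                        "+CTYPE-OPENPGP:!RSA", .current_server = NULL,
-                        .interfaces = NULL, .interfaces_size = 0 };
+                        .priority = "SECURE256:!CTYPE-X.509"
+                        ":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
+                        .current_server = NULL, .interfaces = NULL,
+                        .interfaces_size = 0 };
   AvahiSServiceBrowser *sb = NULL;
   error_t ret_errno;
   int ret;
@@ -2547,7 +2549,8 @@
         }
       }
       
-      if(strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
+      if(dh_params_file != NULL
+         and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
         int dhparams_fd = open(dh_params_file, O_RDONLY);
         if(dhparams_fd == -1){
           perror_plus("open");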
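Review bot: The new `.priority` initializer in main() carries no comment, so the only record of why `+SIGN-DSA-SHA256` is appended to an otherwise SECURE256 string lives in this commit message, and a later reader will see a bare GnuTLS priority string with no hint that it is a compatibility concession. I would add, directly above the `mandos_context mc = { ... }` initializer, a comment such as `/* +SIGN-DSA-SHA256 accepts the 2048-bit DSA keys generated by mandos-keygen in Mandos 1.6.0 and older; keep this identical to the server's default priority string */`, since the description states that client and server are now expected to use the same default. The server-side default this must stay in sync with is in another file and not visible here. main() continues well past the end of this hunk.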