Bug fix: Only create TLS key with certtool, and read correct key file
* debian/mandos-client.postinst (create_keys): Remove any bad keys created by 1.8.0-1. Only create TLS keys if certtool succeeds. * debian/mandos.postinst (configure): Remove any bad keys from clients.conf, and inform the user if any were found. * debian/mandos.templates (mandos/removed_bad_key_ids): New message. * mandos (MandosServer.handle_ipc): Do not trust a key_id with a known bad key ID. * mandos-keygen (keygen): Only create TLS keys if certtool succeeds. (password): Bug fix: Generate key_id correctly, and only output key_id if TLS key exists.
if ! dpkg-statoverride --list "/var/lib/mandos" >/dev/null \
54
2>&1; then
55
chown _mandos:_mandos /var/lib/mandos
56
chmod u=rwx,go= /var/lib/mandos
57
fi
58
59
if dpkg --compare-versions "$2" eq "1.8.0-1" \
60
|| dpkg --compare-versions "$2" eq "1.8.0-1~bpo9+1"; then
61
if grep --quiet --regexp='^[[:space:]]*key_id[[:space:]]*=[[:space:]]*[Ee]3[Bb]0[Cc]44298[Ff][Cc]1[Cc]149[Aa][Ff][Bb][Ff]4[Cc]8996[Ff][Bb]92427[Aa][Ee]41[Ee]4649[Bb]934[Cc][Aa]495991[Bb]7852[Bb]855[[:space:]]*$' /etc/mandos/clients.conf; then