/mandos/trunk

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to debian/mandos-client.README.Debian

Committer: Teddy Hogeborn
Date: 2015-07-20 03:03:33 UTC
Revision ID: teddy@recompile.se-20150720030333-203m2aeblypcsfte

Bug fix for GnuTLS 3: be compatible with old 2048-bit DSA keys.

The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string.  This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:

SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256

* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
  (/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
                                      instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.

files removed:
bugs.xml

tmpfiles.d-mandos.conf

files modified:
DBUS-API

INSTALL

Makefile

NEWS

README

TODO

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/rules

initramfs-tools-hook

initramfs-tools-script

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d/bridge

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

debian/mandos-client.README.Debian

43

43

automatically detected. If this should result in incorrect

44

44

interfaces, edit the DEVICE setting in the

45

45

"/etc/initramfs-tools/initramfs.conf" file. (The default setting is

46

empty, meaning it will autodetect the interfaces.) *If* the DEVICE

46

empty, meaning it will autodetect the interface.) *If* the DEVICE

47

47

setting is changed, it will be necessary to update the initrd image

48

by running this command:

48

by running the command

49

49

50

50

update-initramfs -k all -u

51

51

90

90

"mandos=connect:<IP_ADDRESS>:<PORT_NUMBER>" on the kernel command

91

91

line.

92

92

93

For very advanced users, it is possible to specify simply

93

For very advanced users, it it possible to specify simply

94

94

"mandos=connect" on the kernel command line to make the system only

95

95

set up the network (using the data in the "ip=" option) and not pass

96

96

any extra "--connect" options to mandos-client at boot. For this to

106

106

policy or other reasons, simply replace the existing dhparams.pem

107

107

file and update the initital RAM disk image.

108

108

109

-- Teddy Hogeborn <teddy@recompile.se>, Tue, 21 Jun 2016 21:43:49 +0200

109

-- Teddy Hogeborn <teddy@recompile.se>, Sun, 12 Jul 2015 03:24:24 +0200

Older »