[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#481426: marked as done (cupsys: SSL Certs Insecure (DSA-1571))



At Thu, 15 May 2008 21:13:06 -0300,
Henrique de Moraes Holschuh wrote:
> On Thu, 15 May 2008, Debian Bug Tracking System wrote:
> > Debian's CUPS has used GNUTLS instead of OpenSSL by default.
> 
> That doesn't make any difference if the certificate it is using was
> generated by openssl.   Is that certificate under the local admin
> control?   If it is, cupsys can also be affected.

Yes, admins can replace the key by themselves with their responsibility
(but I haven't tried it).

Because SSLkeys Wiki page focuses the weak keys made by Debian official
packages at this time, I don't think it is valuable to describe about CUPS
there.

Thanks,
-- 
Kenshi Muto
kmuto@debian.org




Reply to: