
Re: Plans to deploy openssl-blacklist in Debian? (was: Re: ssh-vulnkey and authorized_keys)



On Thu, May 15, 2008 at 09:31:25PM -0300, Felipe Augusto van de Wiel (faw) wrote:
> On 15-05-2008 20:43, Chris Adams wrote:
> > 
> > On May 15, 2008, at 6:25 PM, Alex Samad wrote:
> >> Is there a way to check x509 certs with these tools?
> > 
> > Yes - the wiki has one (http://wiki.debian.org/SSLkeys) but you might
> > prefer the openssl-blacklist package which Ubuntu prepared:
> > 
> > https://launchpad.net/ubuntu/+source/openssl-blacklist/
> > 
> > It runs out of the box on Debian and if you edit debian/control to
> > change the openssl dependency from the Ubuntu version
> > (0.9.8g-4ubuntu3.1) to the Debian version (0.9.8c-4etch3) you can
> > dpkg-buildpackage it and deploy it to multiple systems. I used it like
> > this to flush out Apache keys:
> > 
> > sudo find /etc/ -xdev -type f -name \*.key -exec openssl-vulnkey {} \;
> 
> 	Speaking about that, are there plans to deploy
> openssl-blacklist in Debian as an official package?

Yes, I'll do that as part of the changes required in OpenVPN due to the
OpenSSL bug. Coming shortly.

-- 
Alberto Gonzalez Iniesta    | Training, consulting and technical support
agi@(inittab.org|debian.org)| for GNU/Linux and free software
Encrypted mail preferred    | http://inittab.com

Key fingerprint = 9782 04E7 2B75 405C F5E9  0C81 C514 AF8E 4BA4 01C3

