Date: Sun, 4 Feb 2007 18:13:20 +0300
From: "Konstantin A. Lepikhov"
To: ALT Devel discussion list
Subject: Re: [devel] Q: SSL/TLS in ALT Linux
Message-ID: <20070204151320.GB27324@lks.home>
In-Reply-To: <45C5E5DB.9040808@altlinux.org>

Hi Mikhail!

Sunday 04, at 04:55:39 PM you wrote:

> > How is it customary here to put a policy into effect?
>
> We currently have the openssl package and libssl4/ssl6.
> /var/lib/ssl/certs/ca-bundle.crt lives in openssl. The fact of life is
> that nobody requires openssl, everyone wants only the libssl* libraries and,
> apparently, either carries a CA bundle along or does not and breaks if the
> openssl package is removed.
>
> Do we have anyone who will use the shared store of CA certificates and
> at the same time does not want to be tied to openssl? At the very least
> there is gnutls, which seems to be an alternative implementation - but
> there, too, everyone carries the certificates along?

There is also NSS and everything that uses it
(firefox/thunderbird/xulrunner/seamonkey). BTW, if Dima has not changed
anything relative to my build of libssl, then
/var/lib/ssl/certs/ca-bundle.crt should be from NSS.

>
> If there is nobody like that, then:
>
> 1.1. We declare what is in the openssl package to be the single store.
>
> If there are such users:
>
> 1.1. We split the store of CA public certs out into a separate noarch package.
> 1.2. We rebuild openssl so that it uses the store from that separate
> package.
>
> Next:
>
> 2.1. We declare the policy to be in effect and move it from
> http://www.freesource.info/wiki/Altlinux/Policy to
> http://wiki.sisyphus.ru/devel/policy
>
> 2.2. We look at which of our packages carry such a store along. By a
> preliminary count these are:
>
> # grep $'\.pem\t' /Sisyphus/i586/base/contents_index >$TMPDIR/suspicious
> # grep $'\.crt\t' /Sisyphus/i586/base/contents_index >>$TMPDIR/suspicious
> # cut -f2 $TMPDIR/suspicious | sort -u
>
> MySQL-server

Nonsense. There are only example certificates there.

> monit

Same.

> mutt1.5
> stunnel

Same.

> uw-imap

Same.

> 2.3. We look at each of these packages by eye (fortunately there are not
> many) and send their maintainers warnings and instructions on what needs
> to be done.
> 2.4. We wait out a grace time of, say, a week.
> 2.5. We file bugs and fix things ourselves via NMU.
> 2.6. We add a check to sisyphus_check: walk through the built package
> and search every file for "-----BEGIN CERTIFICATE-----" and
> "-----END CERTIFICATE-----". If something like that is found, then use:
>
> openssl x509 -in filename -text -noout -purpose
>
> to pull out the information about the certificate and see whether it is a certificate.
> This is a half-measure, not enough for 100% certainty, but in my opinion it
> is better than nothing.
> 2.7. We introduce a corresponding relaxed macro to disable this check.

A crazy idea. It is easier to knock some sense into upstream about using
OPENSSL_config(3) before verifying certificates.

--
WBR et al.
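
The check proposed in item 2.6 of the quoted message, sketched as an added example; it is not part of the original thread and is not sisyphus_check code. The function names are hypothetical, and the tree passed to scan_tree is assumed to be an unpacked package.

```shell
#!/bin/sh
# Added example: find PEM certificates embedded in an unpacked package tree
# and ask openssl whether each one can act as a CA.
# All function names here are hypothetical, chosen for this illustration.

# has_pem_cert FILE: succeed only if FILE contains both PEM markers.
# DER-encoded certificates carry no markers and are not found this way.
has_pem_cert() {
    grep -qF -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null &&
    grep -qF -e '-----END CERTIFICATE-----' "$1" 2>/dev/null
}

# classify_cert FILE: print "ca", "leaf" or "unparsed" for the first
# certificate in FILE, based on the `openssl x509 -purpose` report.
# "unparsed" covers both a broken certificate and a missing openssl binary.
classify_cert() {
    out=$(openssl x509 -in "$1" -noout -purpose 2>/dev/null) || {
        echo unparsed
        return 0
    }
    case $out in
        *"SSL server CA : Yes"*|*"SSL client CA : Yes"*) echo ca ;;
        *) echo leaf ;;
    esac
}

# scan_tree DIR: print "STATUS<TAB>PATH" for every regular file under DIR
# that carries a PEM certificate block, sorted by path.
scan_tree() {
    find "$1" -type f | LC_ALL=C sort | while IFS= read -r f; do
        if has_pem_cert "$f"; then
            printf '%s\t%s\n' "$(classify_cert "$f")" "$f"
        fi
    done
}
```

Files reported as "ca" are the candidates for a privately carried CA store; "leaf" and "unparsed" hits are typically sample or test certificates, as with the packages listed under 2.2.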