From: "Dmitry V. Levin"
Date: Wed, 7 Feb 2007 01:58:43 +0300
To: ALT Devel discussion list
Subject: Re: [devel] Q: SSL/TLS in ALT Linux
Message-ID: <20070206225843.GA16212@nomad.office.altlinux.org>
In-Reply-To: <20070204151320.GB27324@lks.home>

On Sun, Feb 04, 2007 at 06:13:20PM +0300, Konstantin A. Lepikhov wrote:
[...]
> > Do we have anyone who will use the shared store of
> > CA certificates and at the same time does not want to be tied to openssl? At
> > the very least there is gnutls, which seems to be an alternative
> > implementation - but there too everyone carries certificates around with them?
> there is also NSS and everything that uses it

And now
http://git.altlinux.org/people/ldv/packages/?p=ca-certificates.git;a=blob;f=alt/alt.pem;h=2b4b4e71653384c1fdceb249ab4f956d7e52863c;hb=HEAD
needs to be converted from PEM into the format used by Mozilla's certdata.txt

> > 1.1. Split the store of CA public certs out into a separate noarch package
> > 1.2. Rebuild openssl to use the store from that separate
> > package.

The package is called ca-certificates.

> > 2.1. Declare the policy to be in effect, move it from
> > http://www.freesource.info/wiki/Altlinux/Policy to
> > http://wiki.sisyphus.ru/devel/policy

I don't know whether the pages need to be moved, but the policy can be
considered to be in force.

> > 2.2. See which of our packages carry such a store around with them. By
> > a preliminary count these are:
> >
> > # grep $'\.pem\t' /Sisyphus/i586/base/contents_index >$TMPDIR/suspicious
> > # grep $'\.crt\t' /Sisyphus/i586/base/contents_index >>$TMPDIR/suspicious
> > # cut -f2 $TMPDIR/suspicious | sort -u
> >
> > MySQL-server
> > monit
> > mutt1.5
> > stunnel
> > uw-imap
> Those contain only example certificates.

That is good. The rest need to be checked.
I have already found one wrong one, it is called libcurl:
$ strings /usr/lib64/libcurl.so.4 |fgrep curl-ca-bundle.crt
/usr/share/curl/curl-ca-bundle.crt
- see http://curl.haxx.se/docs/sslcerts.html

> > 2.3. Look at each of these packages by eye (fortunately, there are not many) and
> > send their maintainers warnings and instructions on what needs
> > to be done.

Time to get started.

> > 2.4. Wait out a grace time of, say, a week.
> > 2.5. File bugs + fix things ourselves via NMU.
> > 2.6. Add a check to sisyphus_check: walk through the built
> > package, search every file for "-----BEGIN CERTIFICATE-----" and
> > "-----END CERTIFICATE-----". If something like that is found, then with:
> >
> > openssl x509 -in filename -text -noout -purpose
> >
> > extract the information about the certificate and see whether it is a certificate.
> > This is a half-measure, not enough for 100% certainty, but in my opinion it is
> > better than nothing.
> > 2.7. Add a corresponding relaxed macro to disable this check.
> An absurd idea. It is simpler to set upstream's brains straight about using
> OPENSSL_config(3) before verifying certificates.

Setting brains straight is a neurosurgical operation that requires
skill, time and concentration (I have heard that some people recently tried
to hastily get --as-needed build fixes across to upstream, let
them tell the story). In this case there are not many packages that need to be
fixed with respect to OPENSSL_config(3), and there is no time to wait for upstream.

-- 
ldv
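
The check proposed in step 2.6 of the quoted plan, written out as an added sketch; it is not part of the original message and is not sisyphus_check code. It assumes the package has already been unpacked into a directory tree and that `openssl` is on PATH; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not sisyphus_check code): find PEM certificates shipped inside
# an unpacked package tree and report whether openssl considers them CA certs.

BEGIN_MARK='-----BEGIN CERTIFICATE-----'
END_MARK='-----END CERTIFICATE-----'

# Print every regular file under $1 that contains both PEM markers.
list_cert_files() {
    find "$1" -type f -exec grep -l -F -e "$BEGIN_MARK" {} + 2>/dev/null |
    while IFS= read -r f; do
        if grep -q -F -e "$END_MARK" "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Classify one file: "ca" if openssl reports any CA purpose, "non-ca" if it
# parses without one, "unparsed" if openssl cannot read it (or is missing).
# Note: "openssl x509" only looks at the first certificate in the file.
classify_cert() {
    purposes=$(openssl x509 -in "$1" -noout -purpose 2>/dev/null) || {
        echo unparsed
        return 0
    }
    case $purposes in
        *' CA : Yes'*) echo ca ;;
        *) echo non-ca ;;
    esac
}

# One line per hit: verdict, number of certificates in the file, path.
# A count above 1 means a bundle, the case the policy is aimed at.
scan_tree() {
    list_cert_files "$1" | while IFS= read -r f; do
        n=$(grep -c -F -e "$BEGIN_MARK" "$f")
        printf '%s\t%s\t%s\n' "$(classify_cert "$f")" "$n" "$f"
    done
}

# Stand-alone use: pass the unpacked package root as the first argument.
[ "$#" -eq 0 ] || scan_tree "$1"
```

An "unparsed" verdict still deserves a manual look, since the markers can sit inside a binary or a file with leading junk that `openssl x509` refuses to read.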