* [PATCH] del_rand: Deletion of RAND file in openssl config @ 2019-01-08 19:33 Erik Kapfer 2019-01-29 13:17 ` ummeegge 0 siblings, 1 reply; 6+ messages in thread From: Erik Kapfer @ 2019-01-08 19:33 UTC (permalink / raw) To: development [-- Attachment #1: Type: text/plain, Size: 1290 bytes --] Fixes #11943 Since the kernel RNG should do this, there is no need for this anymore. Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org> --- config/ovpn/openssl/ovpn.cnf | 2 -- config/ssl/openssl.cnf | 2 -- 2 files changed, 4 deletions(-) diff --git a/config/ovpn/openssl/ovpn.cnf b/config/ovpn/openssl/ovpn.cnf index 40daf2a0a..96c3dcb09 100644 --- a/config/ovpn/openssl/ovpn.cnf +++ b/config/ovpn/openssl/ovpn.cnf @@ -1,5 +1,4 @@ HOME = . -RANDFILE = /var/ipfire/ovpn/ca/.rnd oid_section = new_oids [ new_oids ] @@ -17,7 +16,6 @@ certificate = $dir/ca/cacert.pem serial = $dir/certs/serial crl = $dir/crl.pem private_key = $dir/ca/cakey.pem -RANDFILE = $dir/ca/.rand x509_extensions = usr_cert default_days = 999999 default_crl_days = 30 diff --git a/config/ssl/openssl.cnf b/config/ssl/openssl.cnf index 9d1e6e1ff..3b980fcd4 100644 --- a/config/ssl/openssl.cnf +++ b/config/ssl/openssl.cnf @@ -1,5 +1,4 @@ HOME = . -RANDFILE = /var/tmp/.rnd oid_section = new_oids [ new_oids ] @@ -17,7 +16,6 @@ certificate = $dir/ca/cacert.pem serial = $dir/certs/serial crl = $dir/crls/cacrl.pem private_key = $dir/private/cakey.pem -RANDFILE = $dir/tmp/.rand x509_extensions = usr_cert default_days = 999999 default_crl_days= 30 -- 2.12.2 ^ permalink raw reply [flat|nested] 6+ messages in thread
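Review bot: Nothing in this patch cleans up the seed files already written at /var/ipfire/ovpn/ca/.rnd and /var/tmp/.rnd, the paths named by the two top-level RANDFILE lines removed in the first hunk of each file, so upgraded systems keep those files on disk although no configuration refers to them any more; a follow-up that deletes them in the updater would close that gap. The entries removed from the CA sections point at $dir/ca/.rand and $dir/tmp/.rand, a different file name from the .rnd used at the top of each file, so it is worth checking whether those files were ever created and need the same cleanup. The commit message would also be easier to audit if it named the OpenSSL version from which "the kernel RNG should do this" holds, and confirmed that no script still passes one of these paths via -rand or a RANDFILE environment variable.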
* Re: [PATCH] del_rand: Deletion of RAND file in openssl config
From: ummeegge @ 2019-01-29 13:17 UTC
To: development

Just as a reminder because I haven't found it in Git, this one might be important for the OpenSSL update and IPSec.

Best,

Erik

On Tuesday, 08.01.2019 at 20:33 +0100, Erik Kapfer wrote:
> Fixes #11943 > > Since the kernel RNG should do this, there is no need for this > anymore. > > Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org> > --- > config/ovpn/openssl/ovpn.cnf | 2 -- > config/ssl/openssl.cnf | 2 -- > 2 files changed, 4 deletions(-) > > diff --git a/config/ovpn/openssl/ovpn.cnf > b/config/ovpn/openssl/ovpn.cnf > index 40daf2a0a..96c3dcb09 100644 > --- a/config/ovpn/openssl/ovpn.cnf > +++ b/config/ovpn/openssl/ovpn.cnf > @@ -1,5 +1,4 @@ > HOME = . > -RANDFILE = /var/ipfire/ovpn/ca/.rnd > oid_section = new_oids > > [ new_oids ] > @@ -17,7 +16,6 @@ certificate = $dir/ca/cacert.pem > serial = $dir/certs/serial > crl = $dir/crl.pem > private_key = $dir/ca/cakey.pem > -RANDFILE = $dir/ca/.rand > x509_extensions = usr_cert > default_days = 999999 > default_crl_days = 30 > diff --git a/config/ssl/openssl.cnf b/config/ssl/openssl.cnf > index 9d1e6e1ff..3b980fcd4 100644 > --- a/config/ssl/openssl.cnf > +++ b/config/ssl/openssl.cnf > @@ -1,5 +1,4 @@ > HOME = . > -RANDFILE = /var/tmp/.rnd > oid_section = new_oids > > [ new_oids ] > @@ -17,7 +16,6 @@ certificate = $dir/ca/cacert.pem > serial = $dir/certs/serial > crl = $dir/crls/cacrl.pem > private_key = $dir/private/cakey.pem > -RANDFILE = $dir/tmp/.rand > x509_extensions = usr_cert > default_days = 999999 > default_crl_days= 30
* Re: [PATCH] del_rand: Deletion of RAND file in openssl config
From: Michael Tremer @ 2019-01-29 13:51 UTC
To: development

What is the reason that openssl.cnf is excluded in the updater?

> On 29 Jan 2019, at 13:17, ummeegge <ummeegge(a)ipfire.org> wrote:
>
> Just as a reminder because I haven't found it in Git, this one might be
> important for the OpenSSL update and IPSec.
>
> Best,
>
> Erik
>
>
> On Tuesday, 08.01.2019 at 20:33 +0100, Erik Kapfer wrote:
>> Fixes #11943 >> >> Since the kernel RNG should do this, there is no need for this >> anymore. >> >> Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org> >> --- >> config/ovpn/openssl/ovpn.cnf | 2 -- >> config/ssl/openssl.cnf | 2 -- >> 2 files changed, 4 deletions(-) >> >> diff --git a/config/ovpn/openssl/ovpn.cnf >> b/config/ovpn/openssl/ovpn.cnf >> index 40daf2a0a..96c3dcb09 100644 >> --- a/config/ovpn/openssl/ovpn.cnf >> +++ b/config/ovpn/openssl/ovpn.cnf >> @@ -1,5 +1,4 @@ >> HOME = . >> -RANDFILE = /var/ipfire/ovpn/ca/.rnd >> oid_section = new_oids >> >> [ new_oids ] >> @@ -17,7 +16,6 @@ certificate = $dir/ca/cacert.pem >> serial = $dir/certs/serial >> crl = $dir/crl.pem >> private_key = $dir/ca/cakey.pem >> -RANDFILE = $dir/ca/.rand >> x509_extensions = usr_cert >> default_days = 999999 >> default_crl_days = 30 >> diff --git a/config/ssl/openssl.cnf b/config/ssl/openssl.cnf >> index 9d1e6e1ff..3b980fcd4 100644 >> --- a/config/ssl/openssl.cnf >> +++ b/config/ssl/openssl.cnf >> @@ -1,5 +1,4 @@ >> HOME = . >> -RANDFILE = /var/tmp/.rnd >> oid_section = new_oids >> >> [ new_oids ]
>> @@ -17,7 +16,6 @@ certificate = $dir/ca/cacert.pem >> serial = $dir/certs/serial >> crl = $dir/crls/cacrl.pem >> private_key = $dir/private/cakey.pem >> -RANDFILE = $dir/tmp/.rand >> x509_extensions = usr_cert >> default_days = 999999 >> default_crl_days= 30 > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] del_rand: Deletion of RAND file in openssl config
From: Michael Tremer @ 2019-01-29 13:52 UTC
To: development

I merged it.

For some reason I thought this was part of the OpenSSL patchset.

Best,
-Michael

> On 29 Jan 2019, at 13:51, Michael Tremer <michael.tremer(a)ipfire.org> wrote:
>
> What is the reason that openssl.cnf is excluded in the updater?
>
>> On 29 Jan 2019, at 13:17, ummeegge <ummeegge(a)ipfire.org> wrote:
>>
>> Just as a reminder because I haven't found it in Git, this one might be
>> important for the OpenSSL update and IPSec.
>>
>> Best,
>>
>> Erik
>>
>>
>> On Tuesday, 08.01.2019 at 20:33 +0100, Erik Kapfer wrote:
>>> Fixes #11943 >>> >>> Since the kernel RNG should do this, there is no need for this >>> anymore. >>> >>> Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org> >>> --- >>> config/ovpn/openssl/ovpn.cnf | 2 -- >>> config/ssl/openssl.cnf | 2 -- >>> 2 files changed, 4 deletions(-) >>> >>> diff --git a/config/ovpn/openssl/ovpn.cnf >>> b/config/ovpn/openssl/ovpn.cnf >>> index 40daf2a0a..96c3dcb09 100644 >>> --- a/config/ovpn/openssl/ovpn.cnf >>> +++ b/config/ovpn/openssl/ovpn.cnf >>> @@ -1,5 +1,4 @@ >>> HOME = . >>> -RANDFILE = /var/ipfire/ovpn/ca/.rnd >>> oid_section = new_oids >>> >>> [ new_oids ] >>> @@ -17,7 +16,6 @@ certificate = $dir/ca/cacert.pem >>> serial = $dir/certs/serial >>> crl = $dir/crl.pem >>> private_key = $dir/ca/cakey.pem >>> -RANDFILE = $dir/ca/.rand >>> x509_extensions = usr_cert >>> default_days = 999999 >>> default_crl_days = 30 >>> diff --git a/config/ssl/openssl.cnf b/config/ssl/openssl.cnf >>> index 9d1e6e1ff..3b980fcd4 100644 >>> --- a/config/ssl/openssl.cnf >>> +++ b/config/ssl/openssl.cnf
>>> @@ -1,5 +1,4 @@ >>> HOME = . >>> -RANDFILE = /var/tmp/.rnd >>> oid_section = new_oids >>> >>> [ new_oids ] >>> @@ -17,7 +16,6 @@ certificate = $dir/ca/cacert.pem >>> serial = $dir/certs/serial >>> crl = $dir/crls/cacrl.pem >>> private_key = $dir/private/cakey.pem >>> -RANDFILE = $dir/tmp/.rand >>> x509_extensions = usr_cert >>> default_days = 999999 >>> default_crl_days= 30 >> > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] del_rand: Deletion of RAND file in openssl config
From: ummeegge @ 2019-01-29 15:11 UTC
To: development

OK, thanks.
But good that you mentioned the updater, because we then also wanted to delete the .rnd files under /var/ipfire/ovpn/ca and under /var/tmp/.rnd, since both openssl configuration files did exclude them with this patch.

Would send a patch for this too, but I am currently travelling and back again next week.

A list of all available .rnd's is:
-rw------- 1 nobody nobody 1024 Sep 1 09:07 /home/nobody/.rnd
-rw------- 1 nobody nobody 1024 Nov 16 01:27 /var/ipfire/ovpn/ca/.rnd
-rw------- 1 nobody nobody 1024 Sep 22 12:14 /var/tmp/.rnd
-rw------- 1 root root 1024 Jun 25 12:59 /.rnd
-rw------- 1 root root 1024 Nov 19 14:29 /root/.rnd

Should they be deleted too?

Best,

Erik

On Tuesday, 29.01.2019 at 13:52 +0000, Michael Tremer wrote:
> I merged it.
>
> For some reason I thought this was part of the OpenSSL patchset.
>
> Best,
> -Michael
>
> > On 29 Jan 2019, at 13:51, Michael Tremer <michael.tremer(a)ipfire.org> wrote:
> >
> > What is the reason that openssl.cnf is excluded in the updater?
> >
> > > On 29 Jan 2019, at 13:17, ummeegge <ummeegge(a)ipfire.org> wrote:
> > >
> > > Just as a reminder because I haven't found it in Git, this one might be
> > > important for the OpenSSL update and IPSec.
> > >
> > > Best,
> > >
> > > Erik
> > >
> > >
> > > On Tuesday, 08.01.2019 at 20:33 +0100, Erik Kapfer wrote:
> > > > Fixes #11943 > > > > > > > > Since the kernel RNG should do this, there is no need for this > > > > anymore. > > > > > > > > Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org> > > > > --- > > > > config/ovpn/openssl/ovpn.cnf | 2 -- > > > > config/ssl/openssl.cnf | 2 -- > > > > 2 files changed, 4 deletions(-)
> > > > > > > > diff --git a/config/ovpn/openssl/ovpn.cnf > > > > b/config/ovpn/openssl/ovpn.cnf > > > > index 40daf2a0a..96c3dcb09 100644 > > > > --- a/config/ovpn/openssl/ovpn.cnf > > > > +++ b/config/ovpn/openssl/ovpn.cnf > > > > @@ -1,5 +1,4 @@ > > > > HOME = . > > > > -RANDFILE = /var/ipfire/ovpn/ca/.rnd > > > > oid_section = new_oids > > > > > > > > [ new_oids ] > > > > @@ -17,7 +16,6 @@ certificate = > > > > $dir/ca/cacert.pem > > > > serial = $dir/certs/serial > > > > crl = $dir/crl.pem > > > > private_key = $dir/ca/cakey.pem > > > > -RANDFILE = $dir/ca/.rand > > > > x509_extensions = usr_cert > > > > default_days = 999999 > > > > default_crl_days = 30 > > > > diff --git a/config/ssl/openssl.cnf b/config/ssl/openssl.cnf > > > > index 9d1e6e1ff..3b980fcd4 100644 > > > > --- a/config/ssl/openssl.cnf > > > > +++ b/config/ssl/openssl.cnf > > > > @@ -1,5 +1,4 @@ > > > > HOME = . > > > > -RANDFILE = /var/tmp/.rnd > > > > oid_section = new_oids > > > > > > > > [ new_oids ] > > > > @@ -17,7 +16,6 @@ certificate = $dir/ca/cacert.pem > > > > serial = $dir/certs/serial > > > > crl = $dir/crls/cacrl.pem > > > > private_key = $dir/private/cakey.pem > > > > -RANDFILE = $dir/tmp/.rand > > > > x509_extensions = usr_cert > > > > default_days = 999999 > > > > default_crl_days= 30 > > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] del_rand: Deletion of RAND file in openssl config
From: Michael Tremer @ 2019-01-29 15:44 UTC
To: development

Yes, I think we can delete them. They don’t serve any purpose.

> On 29 Jan 2019, at 15:11, ummeegge <ummeegge(a)ipfire.org> wrote:
>
> OK, thanks.
> But good that you mentioned the updater, because we then also wanted to delete
> the .rnd files under /var/ipfire/ovpn/ca and under /var/tmp/.rnd,
> since both openssl configuration files did exclude them with this
> patch.
>
> Would send a patch for this too, but I am currently travelling and back
> again next week.
>
> A list of all available .rnd's is:
> -rw------- 1 nobody nobody 1024 Sep 1 09:07 /home/nobody/.rnd
> -rw------- 1 nobody nobody 1024 Nov 16 01:27 /var/ipfire/ovpn/ca/.rnd
> -rw------- 1 nobody nobody 1024 Sep 22 12:14 /var/tmp/.rnd
> -rw------- 1 root root 1024 Jun 25 12:59 /.rnd
> -rw------- 1 root root 1024 Nov 19 14:29 /root/.rnd
>
> Should they be deleted too?
>
> Best,
>
> Erik
>
> On Tuesday, 29.01.2019 at 13:52 +0000, Michael Tremer wrote:
>> I merged it.
>>
>> For some reason I thought this was part of the OpenSSL patchset.
>>
>> Best,
>> -Michael
>>
>>> On 29 Jan 2019, at 13:51, Michael Tremer <michael.tremer(a)ipfire.org> wrote:
>>>
>>> What is the reason that openssl.cnf is excluded in the updater?
>>>
>>>> On 29 Jan 2019, at 13:17, ummeegge <ummeegge(a)ipfire.org> wrote:
>>>>
>>>> Just as a reminder because I haven't found it in Git, this one might be
>>>> important for the OpenSSL update and IPSec.
>>>>
>>>> Best,
>>>>
>>>> Erik
>>>>
>>>>
>>>> On Tuesday, 08.01.2019 at 20:33 +0100, Erik Kapfer wrote:
>>>>> Fixes #11943 >>>>> >>>>> Since the kernel RNG should do this, there is no need for this >>>>> anymore.
>>>>> >>>>> Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org> >>>>> --- >>>>> config/ovpn/openssl/ovpn.cnf | 2 -- >>>>> config/ssl/openssl.cnf | 2 -- >>>>> 2 files changed, 4 deletions(-) >>>>> >>>>> diff --git a/config/ovpn/openssl/ovpn.cnf >>>>> b/config/ovpn/openssl/ovpn.cnf >>>>> index 40daf2a0a..96c3dcb09 100644 >>>>> --- a/config/ovpn/openssl/ovpn.cnf >>>>> +++ b/config/ovpn/openssl/ovpn.cnf >>>>> @@ -1,5 +1,4 @@ >>>>> HOME = . >>>>> -RANDFILE = /var/ipfire/ovpn/ca/.rnd >>>>> oid_section = new_oids >>>>> >>>>> [ new_oids ] >>>>> @@ -17,7 +16,6 @@ certificate = >>>>> $dir/ca/cacert.pem >>>>> serial = $dir/certs/serial >>>>> crl = $dir/crl.pem >>>>> private_key = $dir/ca/cakey.pem >>>>> -RANDFILE = $dir/ca/.rand >>>>> x509_extensions = usr_cert >>>>> default_days = 999999 >>>>> default_crl_days = 30 >>>>> diff --git a/config/ssl/openssl.cnf b/config/ssl/openssl.cnf >>>>> index 9d1e6e1ff..3b980fcd4 100644 >>>>> --- a/config/ssl/openssl.cnf >>>>> +++ b/config/ssl/openssl.cnf >>>>> @@ -1,5 +1,4 @@ >>>>> HOME = . >>>>> -RANDFILE = /var/tmp/.rnd >>>>> oid_section = new_oids >>>>> >>>>> [ new_oids ] >>>>> @@ -17,7 +16,6 @@ certificate = $dir/ca/cacert.pem >>>>> serial = $dir/certs/serial >>>>> crl = $dir/crls/cacrl.pem >>>>> private_key = $dir/private/cakey.pem >>>>> -RANDFILE = $dir/tmp/.rand >>>>> x509_extensions = usr_cert >>>>> default_days = 999999 >>>>> default_crl_days= 30 >> >> > ^ permalink raw reply [flat|nested] 6+ messages in thread