From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH] del_rand: Deletion of RAND file in openssl config
Date: Tue, 29 Jan 2019 15:44:39 +0000
Message-ID:
In-Reply-To: <394b4b9eaf1a0b659dff333eb739a4019f200304.camel@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8842565602275543665=="
List-Id:

--===============8842565602275543665==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Yes, I think we can delete them. They don’t serve any purpose.

> On 29 Jan 2019, at 15:11, ummeegge wrote:
>
> OK, thanks.
> But good that you mentioned the updater cause we wanted to delete then
> also the .rnd files under /var/ipfire/ovpn/ca and under /var/tmp/.rnd
> since both openssl configuration files did exclude them with this
> patch.
>
> Would send a patch for this too but I am currently on a travel and back
> again next week.
>
> A list of all available .rnd's are:
> -rw------- 1 nobody nobody 1024 Sep 1 09:07 /home/nobody/.rnd
> -rw------- 1 nobody nobody 1024 Nov 16 01:27 /var/ipfire/ovpn/ca/.rnd
> -rw------- 1 nobody nobody 1024 Sep 22 12:14 /var/tmp/.rnd
> -rw------- 1 root root 1024 Jun 25 12:59 /.rnd
> -rw------- 1 root root 1024 Nov 19 14:29 /root/.rnd
>
> Should they be deleted too ?
>
> Best,
>
> Erik
>
> On Tuesday, 29.01.2019, at 13:52 +0000, Michael Tremer wrote:
>> I merged it.
>>
>> For some reason I thought this was part of the OpenSSL patchset.
>>
>> Best,
>> -Michael
>>
>>> On 29 Jan 2019, at 13:51, Michael Tremer wrote:
>>>
>>> What is the reason that openssl.cnf is excluded in the updater?
>>>
>>>> On 29 Jan 2019, at 13:17, ummeegge wrote:
>>>>
>>>> Just as a reminder cause I haven't found it in Git, this one might be
>>>> important for the OpenSSL update and IPSec.
>>>> >>>> Best, >>>> >>>> Erik >>>> >>>> >>>> Am Dienstag, den 08.01.2019, 20:33 +0100 schrieb Erik Kapfer: >>>>> Fixes #11943 >>>>> >>>>> Since the kernel RNG should do this, there is no need for this >>>>> anymore. >>>>> >>>>> Signed-off-by: Erik Kapfer >>>>> --- >>>>> config/ovpn/openssl/ovpn.cnf | 2 -- >>>>> config/ssl/openssl.cnf | 2 -- >>>>> 2 files changed, 4 deletions(-) >>>>> >>>>> diff --git a/config/ovpn/openssl/ovpn.cnf >>>>> b/config/ovpn/openssl/ovpn.cnf >>>>> index 40daf2a0a..96c3dcb09 100644 >>>>> --- a/config/ovpn/openssl/ovpn.cnf >>>>> +++ b/config/ovpn/openssl/ovpn.cnf >>>>> @@ -1,5 +1,4 @@ >>>>> HOME = . >>>>> -RANDFILE = /var/ipfire/ovpn/ca/.rnd >>>>> oid_section = new_oids >>>>> >>>>> [ new_oids ] >>>>> @@ -17,7 +16,6 @@ certificate = >>>>> $dir/ca/cacert.pem >>>>> serial = $dir/certs/serial >>>>> crl = $dir/crl.pem >>>>> private_key = $dir/ca/cakey.pem >>>>> -RANDFILE = $dir/ca/.rand >>>>> x509_extensions = usr_cert >>>>> default_days = 999999 >>>>> default_crl_days = 30 >>>>> diff --git a/config/ssl/openssl.cnf b/config/ssl/openssl.cnf >>>>> index 9d1e6e1ff..3b980fcd4 100644 >>>>> --- a/config/ssl/openssl.cnf >>>>> +++ b/config/ssl/openssl.cnf >>>>> @@ -1,5 +1,4 @@ >>>>> HOME = . >>>>> -RANDFILE = /var/tmp/.rnd >>>>> oid_section = new_oids >>>>> >>>>> [ new_oids ] >>>>> @@ -17,7 +16,6 @@ certificate = $dir/ca/cacert.pem >>>>> serial = $dir/certs/serial >>>>> crl = $dir/crls/cacrl.pem >>>>> private_key = $dir/private/cakey.pem >>>>> -RANDFILE = $dir/tmp/.rand >>>>> x509_extensions = usr_cert >>>>> default_days = 999999 >>>>> default_crl_days= 30 >> >> > --===============8842565602275543665==--
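Review bot: the two RANDFILE lines removed from config/ovpn/openssl/ovpn.cnf point at different files, `/var/ipfire/ovpn/ca/.rnd` at the top level (hunk `@@ -1,5 +1,4 @@`) and `$dir/ca/.rand` in the CA section (hunk `@@ -17,7 +16,6 @@`), and the patch only drops the settings without touching files already written on installed systems. If the seed files are no longer wanted, the update should remove both names (`.rnd` and `.rand`) from the OpenVPN CA directory; otherwise stale seed files such as the 1024-byte /var/ipfire/ovpn/ca/.rnd shown in this thread stay behind in the same directory as `private_key = $dir/ca/cakey.pem`.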
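Review bot: the commit message ("Since the kernel RNG should do this") does not say which OpenSSL version this holds for, and for config/ssl/openssl.cnf nothing in the hunks shows what the tools do once `RANDFILE = /var/tmp/.rnd` and `RANDFILE = $dir/tmp/.rand` are gone. Please name the OpenSSL version in the message and confirm that the openssl commands using this configuration do not fall back to writing a seed file somewhere else; the listing in this thread already shows seed files outside the configured paths (/home/nobody/.rnd, /root/.rnd, /.rnd), so a test run followed by a search for newly created `.rnd` files would settle it.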