[Pkg-openldap-devel] r1258 - in openldap/trunk/debian: . patches

matthijs at alioth.debian.org matthijs at alioth.debian.org
Sat Apr 17 20:14:34 UTC 2010 

tags 563113 pending
tags 510346 pending
thanks

Author: matthijs
Date: 2010-04-17 20:14:33 +0000 (Sat, 17 Apr 2010)
New Revision: 1258

Added:
   openldap/trunk/debian/patches/manpage-tlscyphersuite-additions
Modified:
   openldap/trunk/debian/changelog
   openldap/trunk/debian/patches/series
Log:
 * Add clearification of tls cypher suit to the manpages ldap.conf.5 and slapd.conf.5


Modified: openldap/trunk/debian/changelog
===================================================================
--- openldap/trunk/debian/changelog	2010-04-17 11:52:20 UTC (rev 1257)
+++ openldap/trunk/debian/changelog	2010-04-17 20:14:33 UTC (rev 1258)
@@ -19,8 +19,10 @@
   * Enable dynamic acls
   * Use slappasswd to create a secure password (Closes: #490930)
   * Set a rootdn and rootpw if no password is given by debconf (Closes: #231950)
+  * Better document the TLSCipherSuite in slapd.conf manpage (Closes: #563113)
+  * Better document the TLS_CIPHER_SUITE in ldap.conf manpage (Closes: #510346)
 
- -- Matthijs Mohlmann <matthijs at cacholong.nl>  Fri, 16 Apr 2010 15:27:28 +0200
+ -- Matthijs Mohlmann <matthijs at cacholong.nl>  Sat, 17 Apr 2010 21:34:02 +0200
 
 openldap (2.4.17-2.1) unstable; urgency=high
 

Added: openldap/trunk/debian/patches/manpage-tlscyphersuite-additions
===================================================================
--- openldap/trunk/debian/patches/manpage-tlscyphersuite-additions	                        (rev 0)
+++ openldap/trunk/debian/patches/manpage-tlscyphersuite-additions	2010-04-17 20:14:33 UTC (rev 1258)
@@ -0,0 +1,94 @@
+Index: b/doc/man/man5/ldap.conf.5
+===================================================================
+--- a/doc/man/man5/ldap.conf.5
++++ b/doc/man/man5/ldap.conf.5
+@@ -333,20 +333,36 @@
+ .TP
+ .B TLS_CIPHER_SUITE <cipher-suite-spec>
+ Specifies acceptable cipher suite and preference order.
+-<cipher-suite-spec> should be a cipher specification for OpenSSL,
+-e.g., HIGH:MEDIUM:+SSLv2.
++<cipher-suite-spec> should be a cipher specification for OpenSSL resp. GNUtls
++Example:
++.RS
++.RS
++.TP
++.I OpenSSL:
++TLS_CIPHER_SUITE HIGH:MEDIUM:+SSLv2
++.TP
++.I GNUtls:
++TLS_CIPHER_SUITE SECURE256:!AES-128-CBC
++.RE
+ 
+-To check what ciphers a given spec selects, use:
++To check what ciphers a given spec selects in OpenSSL, use:
+ 
+ .nf
+ 	openssl ciphers \-v <cipher-suite-spec>
+ .fi
+ 
+-To obtain the list of ciphers in GNUtls use:
++With GNUtls the available specs can be found in the manual page of
++.BR gnutls\-cli (1)
++(see the description of the
++option
++.BR \-\-priority ).
+ 
++In older versions of GNUtls, where gnutls\-cli does not support the option
++\-\-priority, you can obtain the \(em more limited \(em list of ciphers by calling:
+ .nf
+-	gnutls-cli \-l
++	gnutls\-cli \-l
+ .fi
++.RE
+ .TP
+ .B TLS_RANDFILE <filename>
+ Specifies the file to obtain random bits from when /dev/[u]random is
+Index: b/doc/man/man5/slapd.conf.5
+===================================================================
+--- a/doc/man/man5/slapd.conf.5
++++ b/doc/man/man5/slapd.conf.5
+@@ -1029,22 +1029,37 @@
+ .TP
+ .B TLSCipherSuite <cipher-suite-spec>
+ Permits configuring what ciphers will be accepted and the preference order.
+-<cipher-suite-spec> should be a cipher specification for OpenSSL.  Example:
+-
++<cipher-suite-spec> should be a cipher specification for OpenSSL resp. GNUtls.
++Example:
++.RS
++.RS
++.TP
++.I OpenSSL:
+ TLSCipherSuite HIGH:MEDIUM:+SSLv2
++.TP
++.I GNUtls:
++TLSCiphersuite SECURE256:!AES-128-CBC
++.RE
+ 
+-To check what ciphers a given spec selects, use:
++To check what ciphers a given spec selects in OpenSSL, use:
+ 
+ .nf
+ 	openssl ciphers \-v <cipher-suite-spec>
+ .fi
+ 
+-To obtain the list of ciphers in GNUtls use:
++With GNUtls the available specs can be found in the manual page of
++.BR gnutls\-cli (1)
++(see the description of the
++option
++.BR \-\-priority ).
++
++In older versions of GNUtls, where gnutls\-cli does not support the option
++\-\-priority, you can obtain the \(em more limited \(em list of ciphers by calling:
+ 
+ .nf
+-	gnutls-cli \-l
++	gnutls\-cli \-l
+ .fi
+-
++.RE
+ .TP
+ .B TLSCACertificateFile <filename>
+ Specifies the file that contains certificates for all of the Certificate

Modified: openldap/trunk/debian/patches/series
===================================================================
--- openldap/trunk/debian/patches/series	2010-04-17 11:52:20 UTC (rev 1257)
+++ openldap/trunk/debian/patches/series	2010-04-17 20:14:33 UTC (rev 1258)
@@ -10,3 +10,4 @@
 getaddrinfo-is-threadsafe
 do-not-second-guess-sonames
 shutdown-issue-6322
+manpage-tlscyphersuite-additions

More information about the Pkg-openldap-devel mailing list