[Pkg-tigervnc-devel] pkg-tigervnc.git - master (branch) updated: debian/1.6.0+dfsg-2-30-g57ede9e

Ola Lundqvist ola.lundqvist at gmail.com
Tue Jan 3 22:36:40 UTC 2017


Hi Joachim

Thank you for explaining this a little more.

Do I understand that it works like this:
1) tigervncserver will be able to automatically create SSL certs
(self-signed) based on the files in /usr/share/tigervnc.
2) The created cert will be placed in the user home directory.
3) The SSL config files are just used for the auto-generation of certificates.

With this approach I think you are right that they do not need to be
admin editable. However I still think it may be better to put them in
/etc/tigervnc.

The reason is that an admin may want to have some other default
security setting for the automatically generated certificates. For
example, another default crypto algorithm, key size or whatever. If we
put them in /usr, the admin cannot edit them, because on upgrade they
will be overwritten.

This means that I would actually vote for putting these two config
files in /etc anyway, even though they do not strictly need to be
there.

At the same time I think we should remove the word "example" from the
config file. :-)

Best regards

// Ola

On 3 January 2017 at 18:02, Joachim Falk <joachim.falk at gmx.de> wrote:
> Hi Ola,
>
> On 03.01.2017 at 17:46, Ola Lundqvist wrote:
>> Hi Joachim
>>
>> The new cfg file. Are admins supposed to be able to edit it?
> I don't think so. At least in the package ssl-cert -- that
> I used as inspiration -- they are also under /usr/share/ssl-cert.
> Thus, they are not supposed to be admin editable. The ssl-cert
> package is used to create the ssl-cert-snakeoil.key self-signed
> certificate. I have opted for a somewhat more modern crypto algo,
> i.e., ECDSA with NIST curve secp384r1 and SHA256 hash.
>
> If the user wants their own certificate, instead of the on-demand
> auto-generated one, they can specify them via -X509Cert and -X509Key
> or replace the auto-generated files in ~/.vnc. They will not be
> overwritten once generated.
>
>>
>> / Ola
>>
>> Sent from a phone
>>
>> On 3 Jan 2017 at 14:48, "Joachim Falk" <jfalk-guest at moszumanska.debian.org> wrote:
>>
>>     The branch, master has been updated
>>            via  57ede9ed6e0d66c3d396a02856f1d73a16e0ad87 (commit)
>>           from  50a77ffc2e9d8508cbaa84229857f32766892c05 (commit)
>>
>>     Those revisions listed above that are new to this repository have
>>     not appeared on any other notification email; so we list those
>>     revisions in full, below.
>>
>>     - Log -----------------------------------------------------------------
>>     commit 57ede9ed6e0d66c3d396a02856f1d73a16e0ad87
>>     Author: Joachim Falk <joachim.falk at gmx.de>
>>     Date:   Tue Jan 3 14:12:33 2017 +0100
>>
>>         Better support for security types X509None, X509Vnc, and X509Plain.
>>
>>     -----------------------------------------------------------------------
>>
>>     Summary of changes:
>>      debian/changelog                               |  10 ++-
>>      debian/helpers/usr/bin/tigervncserver          | 117 +++++++++++++++++++++++--
>>      debian/helpers/usr/share/tigervnc/ecparams.pem |   3 +
>>      debian/helpers/usr/share/tigervnc/ssleay.cnf   |  61 +++++++++++++
>>      debian/tigervnc-standalone-server.install      |   2 +
>>      5 files changed, 185 insertions(+), 8 deletions(-)
>>      create mode 100644 debian/helpers/usr/share/tigervnc/ecparams.pem
>>      create mode 100644 debian/helpers/usr/share/tigervnc/ssleay.cnf
>>
>>
>>     hooks/post-receive
>>     --
>>     pkg-tigervnc.git (Git repository for pkg-tigervnc)
>>
>>     This is an automated email from the git hooks/post-receive script. It was
>>     generated because a ref change was pushed to the repository containing
>>     the project "pkg-tigervnc.git" (Git repository for pkg-tigervnc).
>
> Regards,
> Joachim Falk
>
>
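
The on-demand generation discussed in this thread, as an added shell example that is not the tigervncserver helper or any other code from the package: it creates an ECDSA secp384r1 key and a SHA256-signed self-signed certificate once and never overwrites an existing pair. The file names, the function names and the inline req config (a stand-in for the packaged ssleay.cnf) are assumptions.

```shell
#!/bin/sh
# Added example, not the tigervncserver helper. File names, function names
# and the config contents below are constructed for illustration.

# Minimal req config standing in for a packaged template (constructed).
write_req_config() {
    cat > "$1" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = vnc-selfsigned.example
EOF
}

# Create key and self-signed cert in directory $1 using req config $2.
# Existing files are never touched: a complete pair returns 0, a
# half-present pair returns 1 so that nothing gets silently replaced.
ensure_vnc_cert() {
    dir=$1 cnf=$2
    key="$dir/x509-key.pem" cert="$dir/x509-cert.pem"   # hypothetical names
    if [ -e "$key" ] || [ -e "$cert" ]; then
        [ -s "$key" ] && [ -s "$cert" ]; return
    fi
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    (
        umask 077   # the private key must not be group or world readable
        openssl ecparam -name secp384r1 -genkey -noout -out "$key" &&
        openssl req -new -x509 -config "$cnf" -key "$key" -sha256 \
            -days 365 -out "$cert"
    )
}

# Print "<signature algorithm> <curve>" so the generated defaults can be audited.
cert_summary() {
    openssl x509 -in "$1" -noout -text |
        awk '/Signature Algorithm:/ && !sig { sig = $3 }
             /ASN1 OID:/ { curve = $3 }
             END { print sig, curve }'
}

# SHA-256 fingerprint, used to confirm that a second run does not regenerate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}
```

Passing the config path as an argument lets the same function be pointed at a template under /usr/share or /etc, which is the placement question raised in the reply above.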


