On Thu, May 15, 2008 at 09:31:25PM -0300, Felipe Augusto van de Wiel (faw) wrote: > On 15-05-2008 20:43, Chris Adams wrote: > > > > On May 15, 2008, at 6:25 PM, Alex Samad wrote: > >> is there away to check x509 certs with these tools ? > > > > Yes - the wiki has one (http://wiki.debian.org/SSLkeys) but you might > > prefer the openssl-blacklist package which Ubuntu prepared: > > > > https://launchpad.net/ubuntu/+source/openssl-blacklist/ > > > > It runs out of the box on Debian and if you edit debian/control to > > change the openssl dependency from the Ubuntu version > > (0.9.8g-4ubuntu3.1) to the Debian version (0.9.8c-4etch3) you can > > dpkg-buildpackage it and deploy it to multiple systems. I used it like > > this to flush out Apache keys: > > > > sudo find /etc/ -xdev -type f -name \*.key -exec openssl-vulnkey {} \; > > Speaking about that, are there plans to deploy > openssl-blacklist in Debian as an official package?
Yes, I'll do that as part of the changes required in OpenVPN due to the OpenSSL bug. Coming shortly. -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
