diff options
| author | Dave Brolley <brolley@redhat.com> | 2009-01-29 15:28:02 -0500 |
|---|---|---|
| committer | Dave Brolley <brolley@redhat.com> | 2009-01-29 15:28:02 -0500 |
| commit | 4d6a58a6e4af720a376699ba7c49ecfa3be88da4 (patch) | |
| tree | 15b0d7e456e1ad40111e56ab533bdfff4f36b624 /ChangeLog | |
| parent | c5b08ee1ec3c731b85a3891c366527171bc56009 (diff) | |
| download | systemtap-steved-4d6a58a6e4af720a376699ba7c49ecfa3be88da4.tar.gz systemtap-steved-4d6a58a6e4af720a376699ba7c49ecfa3be88da4.tar.xz systemtap-steved-4d6a58a6e4af720a376699ba7c49ecfa3be88da4.zip | |
Improved certificate security for the client/server.
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 11 |
1 files changed, 9 insertions, 2 deletions
@@ -9,11 +9,18 @@ ahavi has provided the host name. Don't check that avahi has provided the ip address. Pass the host name to send_receive. (send_receive): Change the name of our host to 'localhost' here. + (check_db): Add recommended (but not fatal) access permission checks. + (check_db_file): Likewise. + * stap-gen-server-cert: Create the certificate database and the + certificate file with the recommended access permissions. + * stap-server (initialization): Call check_db to check the security of + the chosen certificate database. + (check_db,check_db_file,check_cert_file,warning): New functions. 2009-01-28 Dave Brolley <brolley@redhat.com> - * stap-client (initialization): Call check_db to check the security of the - default certificate databases. Initialize find_all. + * stap-client (initialization): Call check_db to check the security of + the default certificate databases. Initialize find_all. (parse_options): Handle the --server option. (process_server): New function. (process_ssl): Call check_db to check the security of the specified |