Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

bug-wget

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

From:	Petr Pisar
Subject:	Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL
Date:	Tue, 8 Jul 2014 16:14:42 +0200
User-agent:	Mutt/1.5.23 (2014-03-12)

On Tue, Jul 08, 2014 at 10:00:24AM -0400, Tomas Hozza wrote:
> I'm afraid this is not suitable for us. We need to be able to define the
> policy somewhere in /etc, where the user is not able to change it (only
> the system administrator).
>
I hope can also prevent the user from running his own wget executable, or
ld-preloading modified OpenSSL library, or intercepting open(2) calls to
provide fake /etc file.

> Also the main intention to have a single place to set the policy for all
> system components, therefore wgetrc is not the right place for us.
> 
What about to change wget to call OPENSSL_config(NULL) instead of setting some
hard-coded preference string. Then you can teach OpenSSL to load your /etc
configuration instead of patching each application.

-- Petr

pgpsQW6Ta47VE.pgp
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL, Tomas Hozza, 2014/07/07
- Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL, Ángel González, 2014/07/07
  - Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL, Tomas Hozza, 2014/07/08
    - Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL, Tim Ruehsen, 2014/07/08
    - Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL, Tomas Hozza, 2014/07/08
    - Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL, Giuseppe Scrivano, 2014/07/08
    - Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL, Tim Rühsen, 2014/07/10
    - Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL, Tomas Hozza, 2014/07/10
    - Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL, Nikos Mavrogiannopoulos, 2014/07/22
    - Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL, Petr Pisar <=
    - Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL, Tim Ruehsen, 2014/07/10
    - Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL, Tomas Hozza, 2014/07/10
    - Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL, Tim Ruehsen, 2014/07/10
    - Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL, Tomas Hozza, 2014/07/11
    - Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL, Tim Ruehsen, 2014/07/11
    - Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL, Tomas Hozza, 2014/07/11
    - Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL, Ángel González, 2014/07/12
    - Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL, Giuseppe Scrivano, 2014/07/15
    - Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL, Tomas Hozza, 2014/07/17
    - Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL, Giuseppe Scrivano, 2014/07/17

Prev by Date: Re: [Bug-wget] [PATCH] Fix for checking iconv_open return code
Next by Date: [Bug-wget] A bug in KFFirstAide, and its solution!
Previous by thread: Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL
Next by thread: Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL
Index(es):
- Date
- Thread