Failures in OpenBSD, DragonFly BSD and Electron due to the expiration of the IdenTrust root certificate

The expiration of the IdenTrust root certificate (DST Root CA X3), which was used to cross-sign the Let's Encrypt CA root certificate, has caused problems with the verification of Let's Encrypt certificates in projects that use older versions of OpenSSL and GnuTLS. The problems also affected the LibreSSL library, whose developers did not take into account earlier experience with the failures that arose when the AddTrust root certificate of the Sectigo (Comodo) CA became obsolete.

Recall that OpenSSL releases up to and including the 1.0.2 branch, and GnuTLS before release 3.6.14, contained a bug that prevented cross-signed certificates from being processed correctly if one of the root certificates used for signing had become obsolete, even when other valid chains of trust remained (in the case of Let's Encrypt, the expiry of the IdenTrust root certificate prevents verification even if the system supports Let's Encrypt's own root certificate, valid until 2030). The essence of the bug is that older versions of OpenSSL and GnuTLS parsed the certificate as a linear chain, whereas according to RFC 4158 a certificate can represent a directed distributed cyclic graph with several trust anchors that must be taken into account.
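An added example, not part of the original article: a simplified Python model contrasting linear chain checking with path building over several trust anchors in the cross-signing situation described above. Nothing is cryptographically verified; the certificate names, the dates and the fallback rule in `linear_verify` are illustrative assumptions.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Cert:
    subject: str     # subject name (stands in for the key as well)
    issuer: str      # subject name of the signer
    not_after: date  # expiry date

# Constructed sample data: names and dates are illustrative, nothing is signed.
NOW = date(2021, 10, 1)
LEAF = Cert("example.org", "R3", date(2021, 12, 1))
R3 = Cert("R3", "ISRG Root X1", date(2025, 9, 15))
X1_CROSS = Cert("ISRG Root X1", "DST Root CA X3", date(2024, 9, 30))
X1_SELF = Cert("ISRG Root X1", "ISRG Root X1", date(2030, 1, 1))
DST_ROOT = Cert("DST Root CA X3", "DST Root CA X3", date(2021, 9, 30))

SENT = [LEAF, R3, X1_CROSS]                          # chain sent by the server
STORE = {c.subject: c for c in (X1_SELF, DST_ROOT)}  # local trust anchors

def valid(cert):
    return cert.not_after >= NOW

def linear_verify(sent, store):
    """Assumed model of the old behaviour: extend the sent chain to one anchor."""
    chain = list(sent)
    while chain:
        anchor = store.get(chain[-1].issuer)
        if anchor is not None:
            # An anchor exists, so its validity is final; no other path is tried.
            ok = valid(anchor) and all(valid(c) for c in chain)
            return [c.subject for c in chain] + [anchor.subject] if ok else None
        chain.pop()  # no anchor at all: drop the top certificate and retry
    return None

def graph_verify(cert, pool, store, seen=()):
    """Path building: accept the first path that ends in a valid trust anchor."""
    if not valid(cert) or cert in seen:
        return None
    anchor = store.get(cert.issuer)
    if anchor is not None and valid(anchor):
        return [cert.subject, anchor.subject]
    for parent in pool:  # otherwise follow every issuer edge in turn
        if parent.subject == cert.issuer:
            rest = graph_verify(parent, pool, store, seen + (cert,))
            if rest:
                return [cert.subject] + rest
    return None
```

With both roots in the store, `linear_verify(SENT, STORE)` fails on the expired anchor while `graph_verify(LEAF, SENT, STORE)` finds the shorter path to the still-valid root. Removing the expired root from the store lets the linear model succeed as well, which is what the workaround of deleting "DST Root CA X3" relies on.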

As a workaround for the failure, it is suggested to remove the "DST Root CA X3" certificate from the system store (/etc/ca-certificates.conf and /etc/ssl/certs) and then run the command "update-ca-certificates -f -v". On CentOS and RHEL, you can add the "DST Root CA X3" certificate to the blacklist:

    trust dump --filter "pkcs11:id=%c4%a7%b1%a4%7b%2c%71%fa%db%e1%4b%90%75%ff%c4%15%60%85%89%10" | openssl x509 | sudo tee /etc/pki/ca-trust/source/blacklist/DST-Root-CA-X3.pem
    sudo update-ca-trust extract

Some of the failures we observed after the IdenTrust root certificate expired:

  • In OpenBSD, the syspatch utility, which is used to install binary system updates, stopped working. The OpenBSD project today urgently released patches for the 6.8 and 6.9 branches that fix the problem in LibreSSL with verifying cross-signed certificates when one of the root certificates in the chain of trust has expired. As a workaround, it is recommended to switch from HTTPS to HTTP in /etc/installurl (this does not weaken security, since updates are additionally verified by a digital signature) or to select another mirror (ftp.usa.openbsd.org, ftp.hostserver.de, cdn.openbsd.org). You can also remove the expired DST Root CA X3 root certificate from the /etc/ssl/cert.pem file.
  • In DragonFly BSD, similar problems are observed when working with DPorts. When the pkg package manager is started, a certificate verification error appears. The fix was added today to the master, DragonFly_RELEASE_6_0 and DragonFly_RELEASE_5_8 branches. As a workaround, you can remove the DST Root CA X3 certificate.
  • Verification of Let's Encrypt certificates is broken in applications based on the Electron platform. The problem was fixed in updates 12.2.1, 13.5.1, 14.1.0, 15.1.0.
  • Some distributions have problems accessing package repositories when using the APT package manager linked against older versions of the GnuTLS library. The problem affected Debian 9, which used an unpatched GnuTLS package; this caused problems accessing deb.debian.org for users who had not installed the update in time (the fix gnutls28-3.5.8-5+deb9u6 was offered on September 17). As a workaround, it is recommended to remove DST_Root_CA_X3.crt from the /etc/ca-certificates.conf file.
  • The operation of acme-client in OPNsense, a distribution for building firewalls, was disrupted.
  • The problem affected the OpenSSL 1.0.2k package in RHEL/CentOS 7, but a week ago the update ca-certificates-7-7.el2021.2.50_72.noarch was released for RHEL 7 and CentOS 9, from which the IdenTrust certificate was removed, i.e. the problem was blocked in advance. A similar update was published a week ago for Ubuntu 16.04, Ubuntu 14.04, Ubuntu 21.04, Ubuntu 20.04 and Ubuntu 18.04. Since the updates were released in advance, the problem with verifying Let's Encrypt certificates affected only users of older RHEL/CentOS and Ubuntu branches who do not install updates regularly.
  • Certificate verification is broken in grpc.
  • Cloudflare Pages builds failed.
  • Problems in Amazon Web Services (AWS).
  • DigitalOcean users had problems connecting to databases.
  • The Netlify cloud platform failed.
  • Problems accessing Xero services.
  • Attempts to establish a TLS connection to the Web API of the MailGun service failed.
  • Failures in versions of macOS and iOS (11, 13, 14), which in theory should not have been affected.
  • Catchpoint services failed.
  • Certificate verification errors when accessing the PostMan API.
  • Guardian Firewall failed.
  • The monday.com support page was broken.
  • The Cerb platform failed.
  • Uptime checks failed in Google Cloud Monitoring.
  • Certificate verification problems in Cisco Umbrella Secure Web Gateway.
  • Problems connecting to Bluecoat and Palo Alto proxies.
  • OVHcloud had problems connecting to the OpenStack API.
  • Problems generating reports in Shopify.
  • Problems accessing the Heroku API.
  • Ledger Live Manager failed.
  • Certificate verification errors in Facebook App Developer Tools.
  • Problems in Sophos SG UTM.
  • Problems with certificate verification in cPanel.

Source: opennet.ru
