Failures in OpenBSD, DragonFly BSD and Electron due to IdenTrust root certificate expiry

The expiry of the IdenTrust root certificate (DST Root CA X3), which was used to cross-sign the Let's Encrypt CA root certificate, has caused problems with Let's Encrypt certificate verification in projects using older versions of OpenSSL and GnuTLS. The problems also affected the LibreSSL library, whose developers did not take into account past experience with the failures that followed the expiry of the Sectigo (Comodo) CA's AddTrust root certificate.

Recall that in OpenSSL releases up to and including the 1.0.2 branch, and in GnuTLS before release 3.6.14, there was a bug that prevented cross-signed certificates from being processed correctly if one of the certificates used for signing had expired, even when other valid chains of trust remained (in the case of Let's Encrypt, the expiry of the IdenTrust root certificate prevents verification even if the system supports Let's Encrypt's own root certificate, valid until 2030). The essence of the bug is that older versions of OpenSSL and GnuTLS parsed the certificate as a linear chain, whereas according to RFC 4158 a certificate can represent a directed distributed circular graph with multiple trust anchors that need to be taken into account.

As a workaround, it is suggested to delete the "DST Root CA X3" certificate from the system store (/etc/ca-certificates.conf and /etc/ssl/certs) and then run the command "update-ca-certificates -f -v". On CentOS and RHEL, you can add the "DST Root CA X3" certificate to the blacklist:

    trust dump --filter "pkcs11:id=%c4%a7%b1%a4%7b%2c%71%fa%db%e1%4b%90%75%ff%c4%15%60%85%89%10" | openssl x509 | sudo tee /etc/pki/ca-trust/source/blacklist/DST-Root-CA-X3.pem
    sudo update-ca-trust extract
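The following added example (not code from the article, OpenSSL or GnuTLS) models the bug and the workaround described above with names and expiry dates only, no signatures. The certificate records and dates are constructed, and the linear validator is an assumed simplification: it commits to the first trust anchor it finds and only looks further when that anchor is absent from the store.

```python
from datetime import date
from typing import NamedTuple

class Cert(NamedTuple):
    subject: str
    issuer: str
    not_after: date

# Constructed sample certificates (names only, no signatures; dates illustrative).
LEAF = Cert("example.org", "R3", date(2021, 12, 1))
R3 = Cert("R3", "ISRG Root X1", date(2025, 9, 15))
X1_CROSS = Cert("ISRG Root X1", "DST Root CA X3", date(2024, 9, 30))
X1_SELF = Cert("ISRG Root X1", "ISRG Root X1", date(2030, 1, 1))
DST_X3 = Cert("DST Root CA X3", "DST Root CA X3", date(2021, 9, 30))
SENT = [LEAF, R3, X1_CROSS]                         # chain presented by the server
STORE = {c.subject: c for c in (DST_X3, X1_SELF)}   # local trust anchors

def valid(cert, today):
    return today <= cert.not_after

def linear_verify(sent, store, today):
    """Assumed model of the old behaviour: commit to the first anchor found."""
    chain = list(sent)
    while chain:
        anchor = store.get(chain[-1].issuer)
        if anchor is not None:
            # Chain is now fixed; expiry is checked afterwards with no retry.
            return all(valid(c, today) for c in chain + [anchor])
        chain.pop()  # issuer absent from the store: shorten the chain and retry
    return False

def graph_verify(sent, store, today):
    """Path building: try every issuer candidate until a valid anchor is reached."""
    pool = list(sent) + list(store.values())
    def build(cert, path):
        for cand in pool:
            if cand.subject != cert.issuer or not valid(cand, today):
                continue
            if cand in store.values():
                return path + [cand]          # reached a valid trust anchor
            if cand not in path:
                found = build(cand, path + [cand])
                if found:
                    return found
        return None
    return build(sent[0], [sent[0]]) if valid(sent[0], today) else None
```

With the expired root still in the store the linear validator rejects the chain, while path building falls back to the self-signed ISRG Root X1; removing DST Root CA X3 from the store makes the linear validator succeed as well.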

Some of the failures we observed after the IdenTrust root certificate expired:

  • In OpenBSD, the syspatch utility, used to install binary system updates, has stopped working. The OpenBSD project today urgently released patches for branches 6.8 and 6.9 that fix problems in LibreSSL with checking cross-signed certificates when one of the root certificates in the chain of trust has expired. As a workaround, it is recommended to switch from HTTPS to HTTP in /etc/installurl (this does not threaten security, since updates are additionally verified by a digital signature) or to select an alternative mirror (ftp.usa.openbsd.org, ftp.hostserver.de, cdn.openbsd.org). You can also remove the expired DST Root CA X3 root certificate from the /etc/ssl/cert.pem file.
  • In DragonFly BSD, similar problems are observed when working with DPorts. When starting the pkg package manager, a certificate verification error appears. A fix was added today to the master, DragonFly_RELEASE_6_0 and DragonFly_RELEASE_5_8 branches. As a workaround, you can remove the DST Root CA X3 certificate.
  • Verification of Let's Encrypt certificates in applications based on the Electron platform is broken. The problem was fixed in updates 12.2.1, 13.5.1, 14.1.0, 15.1.0.
  • Some distributions have problems accessing package repositories when using the APT package manager, related to older versions of the GnuTLS library. Debian 9 was affected by the problem because it used an unpatched GnuTLS package, which led to problems accessing deb.debian.org for users who had not installed the update in time (the gnutls28-3.5.8-5+deb9u6 fix was offered on September 17). As a workaround, it is recommended to remove DST_Root_CA_X3.crt from the /etc/ca-certificates.conf file.
  • The operation of acme-client in the distribution kit for building OPNsense firewalls was disrupted; the problem was reported in advance, but the developers did not manage to release a patch in time.
  • The problem affected the OpenSSL 1.0.2k package in RHEL/CentOS 7, but last week an update to the ca-certificates-7-7.el2021.2.50_72.noarch package was produced for RHEL 7 and CentOS 9, from which the IdenTrust certificate was removed, i.e. the manifestation of the problem was blocked in advance. A similar update was published last week for Ubuntu 16.04, Ubuntu 14.04, Ubuntu 21.04, Ubuntu 20.04 and Ubuntu 18.04. Since the updates were released in advance, the problem with checking Let's Encrypt certificates affected only users of older branches of RHEL/CentOS and Ubuntu who do not install updates regularly.
  • The certificate verification process in grpc is broken.
  • Cloudflare Pages platform builds failed.
  • Problems in Amazon Web Services (AWS).
  • DigitalOcean users have problems connecting to databases.
  • The Netlify cloud platform has crashed.
  • Problems accessing Xero services.
  • An attempt to establish a TLS connection to the Web API of the MailGun service failed.
  • Failures in versions of macOS and iOS (11, 13, 14), which in theory should not have been affected by the problem.
  • Catchpoint services failed.
  • Certificate verification error when accessing the PostMan API.
  • Guardian Firewall has crashed.
  • The monday.com support page is broken.
  • The Cerb platform has crashed.
  • Uptime check failed in Google Cloud Monitoring.
  • Certificate verification issue in Cisco Umbrella Secure Web Gateway.
  • Problems connecting to Bluecoat and Palo Alto proxies.
  • OVHcloud is having problems connecting to the OpenStack API.
  • Problems generating reports in Shopify.
  • There are problems accessing the Heroku API.
  • Ledger Live Manager crash.
  • Certificate verification error in Facebook App Developer Tools.
  • Problems in Sophos SG UTM.
  • Problems with certificate verification in cPanel.

Source: opennet.ru
