From: bugzilla-noreply@freebsd.org
To: freebsd-doc@FreeBSD.org
Subject: [Bug 192225] New: Updates and corrections to OpenSSL section of the Handbook (14.6.1)
Date: Mon, 28 Jul 2014 22:39:50 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192225

            Bug ID: 192225
           Summary: Updates and corrections to OpenSSL section of the
                    Handbook (14.6.1)
           Product: Documentation
           Version: Latest
          Hardware: Any
                OS: Any
            Status: Needs Triage
          Severity: Affects Many People
          Priority: Normal
         Component: Documentation
          Assignee: freebsd-doc@FreeBSD.org
          Reporter: rsimmons0@gmail.com

Created attachment 145107
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=145107&action=edit
diff with corrections

The attached patch addresses the following items:

1) Minimum of 2048 bit keys are now recommended, with 1024 bit being
   deprecated.
2) RSA or ECDSA are preferred over DSA, so the example now uses RSA.
3) Key, request, and certificate file names are all now consistent.
4) The self signed cert instructions are clearer with just two steps, and are
   in line with the instructions in OpenSSL's documentation.
5) Key generation step changed to use the currently preferred genpkey (in line
   with the man page's notes that other commands have been
   obsoleted/superseded by genpkey).
6) Added a step to create an empty key file with proper permissions before key
   creation. The way the key was being generated before left a possibly world
   readable private key file on the file system for a period of time until the
   user changes the permissions with chmod.
7) Fixed a typo in the recommended permissions from 0700 to 0600. There's no
   need to set this as executable.

-- 
You are receiving this mail because:
You are the assignee for the bug.
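
The permission window described in item 6, as an added example that is not part of the bug report or its attached patch. The helper names and .key paths are assumptions, and the key is written through a shell redirect so that the file mode depends only on the umask and on whether the file already exists.

```shell
#!/bin/sh
# Added example: names (file_mode, emit_key, the .key paths) are assumptions,
# not taken from the bug report or its attached patch.

# Print permission bits in octal; GNU stat first, BSD stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Write a private key to stdout: a 2048-bit RSA key via genpkey when openssl
# is installed, otherwise a constructed placeholder so the demo still runs.
emit_key() {
    if command -v openssl >/dev/null 2>&1; then
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 2>/dev/null
    else
        echo "CONSTRUCTED PLACEHOLDER, NOT A REAL KEY"
    fi
}

# Old pattern: the file is created under a typical 022 umask and tightened
# afterwards. Prints the mode the key had on disk before chmod ran.
create_then_chmod() {
    rm -f "$1"
    ( umask 022; emit_key > "$1" )
    file_mode "$1"
    chmod 0600 "$1"
}

# Item 6: create the empty file with owner-only permissions first, then
# write the key into it. Prints the mode the key has on disk; no chmod needed.
precreate_then_write() {
    rm -f "$1"
    ( umask 077; : > "$1" )          # empty file is 0600 from the moment it exists
    ( umask 022; emit_key > "$1" )   # truncating an existing file keeps its mode
    file_mode "$1"
}

demo_dir=$(mktemp -d)
echo "create, then chmod:    key on disk as $(create_then_chmod "$demo_dir/a.key")"
echo "precreate, then write: key on disk as $(precreate_then_write "$demo_dir/b.key")"
rm -rf "$demo_dir"
```

In the first pattern the key is on disk with mode 644 until chmod runs; in the second it is never broader than 600, even though the write itself happens under the same 022 umask.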