Date: Fri, 19 Sep 1997 00:24:38 +1000 (EST)
Message-Id: <[email protected]>
From: "Simon J. Gerraty" <[email protected]>
To: [email protected]
Cc: [email protected], [email protected]
Subject: SSLrsh-2.0,stelnet-2.0 released

A quick note to announce the release of SSLrsh-2.0.tar.gz
The stelnet (2.0) and bmake (2.1.1) archives have also been updated.
The significant changes are:
o supports SSLeay-0.8.1
There is a patch in ssl/lib/sslfd/crl-081.patch which you need to
apply to SSLeay-0.8.1 if you want CRL checking to work. Without the
patch it will never find CRLs but should otherwise work ok.
o ssl_rcmd() (and hence all SSLrshd clients) knows how to use an HTTP
proxy, including proxy authentication (See ssl/bin/proxy.sh to see how
to handle authentication).
Note that you will need to configure your proxy to allow connections
to sshell/tcp (port 614), this is trivial for squid and can be done
for the netscape proxy - but not as easily.
Also note that host certs will fail, as SSLrshd will see the
connection as coming from the proxy not the client. A wild card cert
(below) may avoid this problem.
o handles wild card certs (eg. /CN=*.quick.com.au)
o ssl.users format updated to allow listing hosts from which a cert
will be accepted (really only useful for wildcard certs which I don't
recommend trusting).
o better handling of connections from localhost (will qualify
hostname via DNS)
o multiple auth files.
I can't recall whether the previous release supported multiple auth
files or not. The current SSLrshd will look for (in order)
/etc/ssl.{deny,root,local,users,global}
This allows me to produce a ssl.global file listing all the certs that
I have issued to users, and SSLrdist that to all hosts. The files that
are searched before it allow the local admin to override the global
file. If the "name" deny is found against a cert, access is denied;
also, any match in ssl.deny denies access.
o cleaner build
The fact that these archives are each a sub-set of a much larger build
tree, caused some bootstrapping problems in the previous release.
I've unpacked the and built from scratch on a virgin Solaris system
(plus gcc and SSLeay-0.8.1) with no problems.
o pre-formatted man pages included - look for *.cat[138]
Please (please) read everything in the help directory, the man
pages and probably the SSLeay FAQ (links to it in help/*) before you
start building.
Enjoy!
--sjg
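
The lookup order for the multiple auth files described in the message, modelled as an added example; it is not part of the original message and is not SSLrsh code. It assumes that the first matching entry wins (the message only says earlier files "override" ssl.global) and that an unlisted cert is refused; the in-memory tables, subjects and account names are constructed, since the real file format is not shown in the message.

```python
# Added illustration: a model of the auth-file search order from the message.
# The tables below are constructed stand-ins; the on-disk format of the
# /etc/ssl.* files is not shown in the message and is not reproduced here.

SEARCH_ORDER = ["deny", "root", "local", "users", "global"]  # /etc/ssl.{...}


def authorize(cert_subject, auth_files):
    """Return (allowed, name, source) for a client certificate subject.

    auth_files maps a suffix from SEARCH_ORDER to a list of
    (cert_subject, name) entries; files that are absent are skipped.
    """
    for suffix in SEARCH_ORDER:
        for subject, name in auth_files.get(suffix, []):
            if subject != cert_subject:
                continue
            # Any match in ssl.deny denies; so does the name "deny" anywhere.
            if suffix == "deny" or name == "deny":
                return (False, None, "ssl." + suffix)
            # Assumption: first match wins, so earlier files override ssl.global.
            return (True, name, "ssl." + suffix)
    return (False, None, None)  # assumption: an unlisted cert is refused


# Constructed sample data (hypothetical subjects and account names).
ALICE = "/C=AU/O=Example/CN=alice"
BOB = "/C=AU/O=Example/CN=bob"
CAROL = "/C=AU/O=Example/CN=carol"
SAMPLE = {
    "deny": [(CAROL, "carol")],   # local admin revokes carol outright
    "local": [(BOB, "deny")],     # local admin maps bob's cert to "deny"
    "global": [(ALICE, "alice"), (BOB, "bob"), (CAROL, "carol")],
}

if __name__ == "__main__":
    for who in (ALICE, BOB, CAROL, "/C=AU/O=Example/CN=mallory"):
        print(who, "->", authorize(who, SAMPLE))
```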