File CVE-2022-1053-02.patch of Package keylime

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2022-1053-02.patch of Package keylime

From b53231cef001c44f089cf811361b1d60f5359ff2 Mon Sep 17 00:00:00 2001
From: Thore Sommer <mail@thson.de>
Date: Wed, 6 Apr 2022 16:08:44 +0200
Subject: [PATCH] config: remove unused registrar mTLS options in
 cloud_verifier section

Signed-off-by: Thore Sommer <mail@thson.de>
---
 keylime.conf | 24 ------------------------
 1 file changed, 24 deletions(-)

Index: keylime-v6.3.2/keylime.conf
===================================================================
--- keylime-v6.3.2.orig/keylime.conf
+++ keylime-v6.3.2/keylime.conf
@@ -233,30 +233,6 @@ private_key_pw = default
 # Whether verifier validates client certificate
 check_client_cert = True
 
-# Registrar client TLS options. This allows the CV to authenticate the
-# registar before asking for AIKs.
-# This option sets the directory where the CA certificate for the registrar
-# can be found.
-# Use "default" to use the value of 'reg_ca' (this points it to the directory
-# automatically created by the registrar if it is set to "generate").
-# Use "CV" to use 'cv_ca', the directory automatically created (and shared
-# with the registar) by the CV.
-registrar_tls_dir = CV
-
-# The following three options set the filenames where the CA certificate,
-# client certificate, and client private key file are, relative to the 'tls_dir'.
-# If 'tls_dir = default', then default values will be used for 'ca_cert = cacert.crt',
-# 'my_cert = client-cert.crt', and 'private_key = client-private.pem'.
-registrar_ca_cert = default
-registrar_my_cert = default
-registrar_private_key = default
-
-# Set the password needed to decrypt the registrar private key file.
-# This should be set to a strong password.
-# If you are using the auto generated keys from the CV, set the same password
-# here as you did for 'private_key_pw' above.
-registrar_private_key_pw = default
-
 # mTLS configuration for connecting to the agent.
 # Details on why setting it to "False" is generally considered insecure can be found
 # on https://github.com/keylime/keylime/security/advisories/GHSA-2m39-75g9-ff5r

Places

File CVE-2022-1053-02.patch of Package keylime

Places