Stop shipping ssl-cert-snakeoil in the ISO
We’re currently shipping /etc/ssl/certs/ssl-cert-snakeoil.pem
and
/etc/ssl/private/ssl-cert-snakeoil.key
, that are the same for all
users in a given Tails release. Not only this introduces needless
variations (hence blocks #5630 (closed)), but there’s a risk that some package
(either one we already ship, or one that we ship some day, or one that
users install themselves) actually use this pair of SSL keys on the
Internet, which is wrong since the private key material is public.
live-build
has been deleting those file since 4.0~a20-1 with
share/hooks/live/0195-remove-ssl-cert-snakeoil.hook.chroot
.
Feature Branch: bugfix/9416-no-ssl-cert-snakeoil
Related issues
- Blocks #5630 (closed)
Original created by @intrigeri on 9416 (Redmine)