summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGustav Eek <gustav@fripost.org>2015-01-19 13:22:10 +0100
committerGustav Eek <gustav@fripost.org>2015-01-19 13:26:28 +0100
commit99fe89e305b6853b4af5a1189c30bf874bb0f0f8 (patch)
tree639bc345829363f0bb3cbe22800cc1581531ca3e
parent6b463d03d9aa67552c1663d5d6dc94554d56d393 (diff)
Website merge, certificate pages merged
The certificate pages *certs.asc* and *certs.mdwn* are added. Links to certificates are added to the main navigation bar in *page.tmpl*.
-rw-r--r--certs.asc88
-rw-r--r--certs.mdwn73
-rw-r--r--templates/page.tmpl1
-rw-r--r--tracker/Merge_wiki_website_and_website.mdwn18
4 files changed, 171 insertions, 9 deletions
diff --git a/certs.asc b/certs.asc
new file mode 100644
index 0000000..bee6214
--- /dev/null
+++ b/certs.asc
@@ -0,0 +1,88 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+The following is an up-to date list of SHA-1 and SHA-256 fingerprints of all
+X.509 certificates Fripost uses on its publicly available services. Please
+consider any mismatch as a man-in-the-middle attack, and let us know
+immediately! -- admin@fripost.org
+
+
+ * IMAP server
+ imap.fripost.org:993
+ SHA1 BE:CA:4E:39:C6:11:6B:FC:70:38:6C:DB:A6:7E:1C:10:2A:E5:09:C4
+ SHA256 12:D5:03:C2:D5:1C:D6:55:A9:50:FB:A4:99:69:E8:DC:3A:DE:50:74:D7:2A:F9:70:F2:80:73:13:CA:4D:56:B1
+
+ * SMTP servers (STARTTLS)
+ smtp.fripost.org:587 (Mail Submission Agent)
+ SHA1 03:87:02:C9:6E:01:D3:AD:BC:EC:77:CC:A5:C5:37:C1:D8:C1:29:BC
+ SHA256 6C:89:92:3C:A2:53:E0:14:9E:14:11:17:FF:FA:EB:12:3E:BA:0A:B0:C2:BE:70:18:8C:3D:7A:69:EB:00:5E:BB
+
+ mx1.fripost.org:25 (1st Mail eXchange)
+ SHA1 A5:9D:30:9A:49:4E:45:02:05:4B:D9:F8:12:8E:EE:F3:A8:CD:5C:4A
+ SHA256 85:C9:C3:07:D6:BB:4E:A2:66:DF:DA:3B:B8:A4:D6:B3:71:B0:48:05:DD:A6:87:83:3F:B5:3E:4F:CF:1E:30:5B
+
+ mx2.fripost.org:25 (2nd Mail eXchange)
+ SHA1 67:67:D2:A6:0A:E5:8F:83:A9:85:26:01:71:80:24:C6:0B:DA:30:4F
+ SHA256 B1:F4:82:E9:6E:B7:B0:0A:4A:FE:BD:92:6C:8D:EE:F6:6E:8C:1B:33:D3:7A:4B:6E:FB:37:D9:21:62:99:C2:73
+
+ * Web servers
+ fripost.org:443 (website), mail.fripost.org:443 (webmail), lists.fripost.org:443 (list manager)
+ SHA1 E1:82:59:FD:7F:9A:11:EF:DC:1B:46:3B:AB:9F:F6:BB:A0:E4:D4:59
+ SHA256 7D:F2:7C:67:90:91:EB:5E:1E:25:D0:7B:A4:A5:72:9F:EA:20:EC:F0:74:1C:25:66:1D:72:56:A3:3B:53:D9:9A
+
+ wiki.fripost.org:443 (wiki)
+ SHA1 96:4E:77:71:F3:2B:C7:60:50:58:37:53:C4:B1:F1:50:95:69:FD:C0
+ SHA256 D0:02:01:81:03:86:F3:53:8A:BA:DE:7D:07:D5:E0:31:D8:5B:5D:35:72:BC:68:8B:E4:BF:86:33:42:43:21:90
+
+ git.fripost.org:443 (git server and its web interface)
+ SHA1 EA:50:38:19:38:6A:49:BF:5D:3C:4D:04:64:6F:0D:D3:AC:20:76:C2
+ SHA256 08:D9:18:05:A3:F5:B6:8E:20:81:E1:8A:36:1B:44:AD:4E:36:6D:D1:BA:FC:3D:26:F9:F5:4B:68:A9:0F:F3:21
+
+ antilop.fripost.org:443 (list manager)
+ SHA1 6F:1A:3B:0F:2C:5A:BC:33:09:C6:D4:F8:43:2C:07:6E:B0:FD:DB:7B
+ SHA256 FA:AC:E2:4C:C7:DD:D8:A6:24:20:0E:48:FC:91:D2:F0:CC:BD:BD:57:B1:F9:67:84:73:96:F1:90:4C:50:C1:F1
+
+
+To get the whole certificate for imap.fripost.org:993, type the following
+command in a shell:
+
+ openssl s_client -connect imap.fripost.org:993 </dev/null
+
+(For protocols using the STARTTLS directive such as SMTP, you'll have to call
+s_client with '-starttls smtp'. Another useful option is '-showcerts', which
+prints the whole server certificate chain.)
+
+You'll find the X.509 certificate wrapped between
+
+ -----BEGIN CERTIFICATE-----
+ [...]
+ -----END CERTIFICATE-----
+
+If you store it (including the delimiters) into /path/to/certificate.pem,
+you can then ensure that its fingerprints match the ones above:
+
+ openssl x509 -in /path/to/certificate.pem -noout -fingerprint -sha1
+ openssl x509 -in /path/to/certificate.pem -noout -fingerprint -sha256
+
+Alternatively, using a pipe:
+
+ openssl s_client -connect imap.fripost.org:993 </dev/null \
+ | openssl x509 -noout -fingerprint -sha256
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+
+iQIcBAEBCgAGBQJUtBK0AAoJENOaSZw8IaVSDR8P/253K8jPqwgr7g7LLi40Q8js
+ZF915hOcY5CKHHE73PylWl4hMh3CbD73GcQ6338pizNrbmhGVu5omafGCkpJwocW
+dgDsX/pLybzxwx1Z5CQDBNEUpJh1/q/25yZ+11nx/Msf37oEIjiQx3efdL3BSrdV
+VokvTIcUDRWaQqyr/zaBHLH0/yS2caWlWQKgLIyASaWPSXQuwfgTIufX/+h8ni3E
+QK8c7GhFhCTaoU01igRxLexm6abm5F0szDtwEiEejxHyV0EJIC6R2eNIL/jQvXuS
+p3GzcQkw7GX12bYksv+NnqS3VxxZ9Wm1vGx/nraDeVzxZKvAw21i/nw5625i201o
+tFSoH9fKdR4UTksCJZdZyFG3cQ/GAVgJZicsHGzLVeT36Lb+F460iQ95ThTPnJRz
+jSUs9I3EDA1wsy7Jc+kdrH81B7G35p8j3u2TOPWXp5YEaxmDz8bCfinE9u7YUaOt
+4mHJv4RTu6aPbHE1RXY93pjKjCojqi4H1Y6sxyKs2Z4dAXWSJJxRvgc62JLP3TrL
+2lUucGS3vT/cGcZXvxnybOHtG1WYzAnoii+7hyNqdUdVfcroLI1Z3GDzjE5UmvYf
+p0K03H2yK4Rkx1blCpGCRWagccRtGFcaPwMvpV6xGzOFuFewx8kR/88OgM12qDF3
+O5gofR/AotWZyCdaz5au
+=c3XP
+-----END PGP SIGNATURE-----
diff --git a/certs.mdwn b/certs.mdwn
new file mode 100644
index 0000000..268ff64
--- /dev/null
+++ b/certs.mdwn
@@ -0,0 +1,73 @@
+# Certificates at Fripost
+
+The following is an up-to date list of SHA-1 and SHA-256 fingerprints of all
+X.509 certificates Fripost uses on its publicly available services. Please
+consider any mismatch as a man-in-the-middle attack, and let us know
+immediately! -- admin@fripost.org
+
+Also refer to the [[signed version of this page|certs.asc]]
+
+ * IMAP server
+
+ imap.fripost.org:993
+ SHA1 BE:CA:4E:39:C6:11:6B:FC:70:38:6C:DB:A6:7E:1C:10:2A:E5:09:C4
+ SHA256 12:D5:03:C2:D5:1C:D6:55:A9:50:FB:A4:99:69:E8:DC:3A:DE:50:74:D7:2A:F9:70:F2:80:73:13:CA:4D:56:B1
+
+ * SMTP servers (STARTTLS)
+
+ smtp.fripost.org:587 (Mail Submission Agent)
+ SHA1 03:87:02:C9:6E:01:D3:AD:BC:EC:77:CC:A5:C5:37:C1:D8:C1:29:BC
+ SHA256 6C:89:92:3C:A2:53:E0:14:9E:14:11:17:FF:FA:EB:12:3E:BA:0A:B0:C2:BE:70:18:8C:3D:7A:69:EB:00:5E:BB
+
+ mx1.fripost.org:25 (1st Mail eXchange)
+ SHA1 A5:9D:30:9A:49:4E:45:02:05:4B:D9:F8:12:8E:EE:F3:A8:CD:5C:4A
+ SHA256 85:C9:C3:07:D6:BB:4E:A2:66:DF:DA:3B:B8:A4:D6:B3:71:B0:48:05:DD:A6:87:83:3F:B5:3E:4F:CF:1E:30:5B
+
+ mx2.fripost.org:25 (2nd Mail eXchange)
+ SHA1 67:67:D2:A6:0A:E5:8F:83:A9:85:26:01:71:80:24:C6:0B:DA:30:4F
+ SHA256 B1:F4:82:E9:6E:B7:B0:0A:4A:FE:BD:92:6C:8D:EE:F6:6E:8C:1B:33:D3:7A:4B:6E:FB:37:D9:21:62:99:C2:73
+
+ * Web servers
+
+ fripost.org:443 (website), mail.fripost.org:443 (webmail), lists.fripost.org:443 (list manager)
+ SHA1 E1:82:59:FD:7F:9A:11:EF:DC:1B:46:3B:AB:9F:F6:BB:A0:E4:D4:59
+ SHA256 7D:F2:7C:67:90:91:EB:5E:1E:25:D0:7B:A4:A5:72:9F:EA:20:EC:F0:74:1C:25:66:1D:72:56:A3:3B:53:D9:9A
+
+ wiki.fripost.org:443 (wiki)
+ SHA1 96:4E:77:71:F3:2B:C7:60:50:58:37:53:C4:B1:F1:50:95:69:FD:C0
+ SHA256 D0:02:01:81:03:86:F3:53:8A:BA:DE:7D:07:D5:E0:31:D8:5B:5D:35:72:BC:68:8B:E4:BF:86:33:42:43:21:90
+
+ git.fripost.org:443 (git server and its web interface)
+ SHA1 EA:50:38:19:38:6A:49:BF:5D:3C:4D:04:64:6F:0D:D3:AC:20:76:C2
+ SHA256 08:D9:18:05:A3:F5:B6:8E:20:81:E1:8A:36:1B:44:AD:4E:36:6D:D1:BA:FC:3D:26:F9:F5:4B:68:A9:0F:F3:21
+
+ antilop.fripost.org:443 (list manager)
+ SHA1 6F:1A:3B:0F:2C:5A:BC:33:09:C6:D4:F8:43:2C:07:6E:B0:FD:DB:7B
+ SHA256 FA:AC:E2:4C:C7:DD:D8:A6:24:20:0E:48:FC:91:D2:F0:CC:BD:BD:57:B1:F9:67:84:73:96:F1:90:4C:50:C1:F1
+
+
+To get the whole certificate for imap.fripost.org:993, type the following
+command in a shell:
+
+ openssl s_client -connect imap.fripost.org:993 </dev/null
+
+(For protocols using the STARTTLS directive such as SMTP, you'll have to call
+s_client with '-starttls smtp'. Another useful option is '-showcerts', which
+prints the whole server certificate chain.)
+
+You'll find the X.509 certificate wrapped between
+
+ -----BEGIN CERTIFICATE-----
+ [...]
+ -----END CERTIFICATE-----
+
+If you store it (including the delimiters) into /path/to/certificate.pem,
+you can then ensure that its fingerprints match the ones above:
+
+ openssl x509 -in /path/to/certificate.pem -noout -fingerprint -sha1
+ openssl x509 -in /path/to/certificate.pem -noout -fingerprint -sha256
+
+Alternatively, using a pipe:
+
+ openssl s_client -connect imap.fripost.org:993 </dev/null \
+ | openssl x509 -noout -fingerprint -sha256
diff --git a/templates/page.tmpl b/templates/page.tmpl
index 5bef758..58e3185 100644
--- a/templates/page.tmpl
+++ b/templates/page.tmpl
@@ -59,6 +59,7 @@
<li><a href="https://fripost.org/medlemskap.html">Gå med</a></li>
<li><a href="<TMPL_VAR BASEURL>kontakt/">Kontakt</a></li>
<li><a href="<TMPL_VAR BASEURL>">Wiki</a></li>
+ <li><a href="<TMPL_VAR BASEURL>certs/">Certifikat</a></li>
</ul>
<ul class="nav navbar-nav navbar-right">
<li>
diff --git a/tracker/Merge_wiki_website_and_website.mdwn b/tracker/Merge_wiki_website_and_website.mdwn
index 4923e60..b208de3 100644
--- a/tracker/Merge_wiki_website_and_website.mdwn
+++ b/tracker/Merge_wiki_website_and_website.mdwn
@@ -9,8 +9,9 @@ Regarding redesign, the following are requirements:
* Visitors of [https://fripost.org] should be brought to the "Hem" page
* Visitors of [https://wiki.fripost.org] should be bought to the wiki index page.
-* The pages "Hem", "Om", "Gå med", and "Kontakt" should be locked from
- external edits, and edit buttons and navigation should be hidden.
+* The pages "Hem", "Om", "Gå med", "Kontakt", and "Certifikat" should
+ be locked from external edits, and edit buttons and navigation
+ should be hidden.
* The "FAQ" page should shared between the website and the wiki: It
should be editable but still displayed as if it was part of the
website.
@@ -32,9 +33,9 @@ Regarding merging, the following is the checklist:
* *årsmöte.txt* (what to do?)
* In *sites* the following pages should be attended and possibly be
added to the wiki
- * *certs* (what to do?)
- * *certs.asc* (what to do?)
- * *default.css* (what to do?)
+ * *certs* -- Added as a page, *certs.mdwn*, which is accessed from the main navigation bar
+ * *certs.asc* -- Added as a file, accessed from *certs.mdwn*
+ * *default.css* -- Dropped
* *faq.org* (what to do?)
* *gnutiken.org* (what to do?)
* *index.en.org* (what to do?)
@@ -55,7 +56,6 @@ Regarding merging, the following is the checklist:
* Check whether the content in *material* is available from the
*propaganda* git repository. If it isn't, do something about it
-
-
-
-
+Consider to get back to how the certificate pages are accessed. It
+would be more natural to access a certificate page from a side note on
+the "Hem" page, the way it was done in the org-mode based website.