Pfsense 2.0.1 release disponível!
-
link para o post http://blog.pfsense.org/?p=633
-
:o
Tá na hora da atualização!
Vamos nessa. :D -
"Notes for certificate generation vulnerability
Certificates generated with the built-in certificate manager in all 2.0 versions prior to 2.0.1 are excessively permissive for non-CA certificates. These certificates can be used as a certificate authority, meaning a user can use their own certificate to create chained certificates. We have defaulted OpenVPN on 2.0.1 and newer versions to not accept chained certificates, which mitigates this. However, if untrusted users have certificates generated from 2.0 release, we suggest re-generating all your certificates and issuing new ones. Certificates generated by easy-rsa and imported into 2.0 are not affected.
If using certificates generated on pfSense for other purposes, you should revoke those and issue new certificates generated on 2.0.1. You must utilize a CRL in that case. To be on the safe side, you may want to start from scratch with a new CA and certificates after deleting all your existing ones if this applies to you.
Thanks to Florent Daigniere for bringing this issue to our attention and helping confirm our resolution."putz! :/ instalei em um cliente pfsense semana passada… com openvpn e os certificados... vou ter que voltar la e gerar tudo novamente!