[Bug 1324897] [NEW] make-ssl-cert creates improper hash symlink to ssl-cert-snakeoil.pem
Cedric Gustin
cedric.gustin at gmail.com
Fri May 30 11:57:04 UTC 2014
Public bug reported:
Steps to reproduce :
1. Generate new snakeoil SSL certificates with 'sudo make-ssl-cert generate-default-snakeoil --force-overwrite'
2. Get hash of new certificate with 'openssl x509 -hash -noout -in /etc/ssl/certs/ssl-cert-snakeoil.pem', say fd1e9cf4
3. Check that fd1e9cf4.0 symlink to ssl-cert-snakeoil.pem was created in /etc/ssl/certs
Problem :
- fd1e9cf4 symlink is created instead of fd1e9cf4.0 (with .0 extension)
- if you're lucky, hash has not changed and you still have the old fd1e9cf4.0 symlink.
- if you're unlucky (random seed has changed or you choose a different keysize), hash will change, wrong symlink will be created and certification validation will fail for example when using TLS with postfix :
postfix/smtpd[3828]: warning: TLS library problem:
error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown
ca:s3_pkt.c:1260:SSLalert number 48
** Affects: ssl-cert (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ssl-cert in Ubuntu.
https://bugs.launchpad.net/bugs/1324897
Title:
make-ssl-cert creates improper hash symlink to ssl-cert-snakeoil.pem
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ssl-cert/+bug/1324897/+subscriptions
More information about the Ubuntu-server-bugs
mailing list