Control: severity -1 normal
Control: tag -1 + confirmed

[ https://bugs.debian.org/927435 ]

The talk is about stretch -> buster upgrade.

John Eikenberry:
> Package: upgrade-reports
> Severity: normal
> > After upgrading to buster, unbound-control would fail to run with this error.. > > error: Error setting up SSL_CTX client cert
> 139765110753216:error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key 
too small:../ssl/ssl_rsa.c:310:
> > To fix this I had to regenerate the certs and keys by removing the old ones and
> running unbound-control-setup, then restarting unbound. This fixed the issue.
> > $ cd /etc/unbound/
> $ sudo rm *.key *.pem
> $ sudo unbound-control-setup
> $ sudo systemctl restart unbound

This can be done in two ways:

1. detect this and warn about this in postinst
2. detect this and do this procedure in postinst

And there's another possible way, and this is the way it has been all this time:
just ignore the damn thing. Because stretch=>buster upgrade happened quite some
time ago... ;)

Seriously, I'm not sure there's a good reason to do proper detection
(which requires checking if remote-control is enabled to start with)
at this time in the game.

Yes, this prob was quite annoying at the time of the upgrade to buster, it
hit me too, but that's history now.

> Note that with unbound-control broken, that broke `systemctl reload unbound` 
as
> it depends on unbound-control.

It is not anymore, reload is now done by sending a SIGHUP.
So things are less severe I think.

Lowering the severity of this bug to normal.

Thanks,

/mjt

Reply via email to