Public bug reported:
If a printer preferrably prints through ipps, Cups will store the
printers (self signed) certificate in /etc/cups/ssl/
However, if this certificate becomes outdated or invalid, or if it
changes, it will *not be removed* and Cups only complains that the
"backend returned status 4", "No suitable destination host found by
cups-browsed". Even removing the printer manually will not remove the
old certificate, rendering the printer invalid for life: when te printer
re-appears, the old, invalid certificate is still there, resulting in
the printer still not working.
Steps to reproduce:
- use a printer that prefers ipps, let's call it printer_bob
- let this printer appear in your printer list
- make a test print
- Now remove the printer and check that the certificate will survive:
lpadmin -x printer_bob; ls -al /etc/cups/ssl/*bob*crt
What happens:
- certificate is still there
What should happen:
- a removed printer should not have a certificate left
Now in this example, it's rather harmless because the certificate is
probably still valid. But a printer update, rename or otherwise will
render it invalid and printing will become impossible.
You could simulate a name change for printers:
mv /etc/cups/ssl/printer-carol.local.crt /etc/cups/ssl/printer-bob.local.crt
Or simply mess up the certificate:
sed -i '2s/./a/g' /etc/cups/ssl/printer-bob.local.crt
After this, you will *not* be able to print to printer-bob, because bob
has the wrong certificate (obviously). Removing printer-bob does not
help. You will need to manually remove the certificate in order to make
bob print again. /var/log/cups/error.log will only say that "no suitable
destination host found", which is not true: there *is* a destination but
the SSL certificate does not match and Cups will only try the first
printing method, ipps.
** Affects: cups (Ubuntu)
Importance: Undecided
Status: New
** Summary changed:
- Printer SSL certificates are added but never removed, resulting in non
working printers
+ Printer SSL certificates are added but never removed, resulting in "no
suitable destination host found by cups-browsed"
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1984107
Title:
Printer SSL certificates are added but never removed, resulting in "no
suitable destination host found by cups-browsed"
Status in cups package in Ubuntu:
New
Bug description:
If a printer preferrably prints through ipps, Cups will store the
printers (self signed) certificate in /etc/cups/ssl/
However, if this certificate becomes outdated or invalid, or if it
changes, it will *not be removed* and Cups only complains that the
"backend returned status 4", "No suitable destination host found by
cups-browsed". Even removing the printer manually will not remove the
old certificate, rendering the printer invalid for life: when te
printer re-appears, the old, invalid certificate is still there,
resulting in the printer still not working.
Steps to reproduce:
- use a printer that prefers ipps, let's call it printer_bob
- let this printer appear in your printer list
- make a test print
- Now remove the printer and check that the certificate will survive:
lpadmin -x printer_bob; ls -al /etc/cups/ssl/*bob*crt
What happens:
- certificate is still there
What should happen:
- a removed printer should not have a certificate left
Now in this example, it's rather harmless because the certificate is
probably still valid. But a printer update, rename or otherwise will
render it invalid and printing will become impossible.
You could simulate a name change for printers:
mv /etc/cups/ssl/printer-carol.local.crt /etc/cups/ssl/printer-bob.local.crt
Or simply mess up the certificate:
sed -i '2s/./a/g' /etc/cups/ssl/printer-bob.local.crt
After this, you will *not* be able to print to printer-bob, because
bob has the wrong certificate (obviously). Removing printer-bob does
not help. You will need to manually remove the certificate in order to
make bob print again. /var/log/cups/error.log will only say that "no
suitable destination host found", which is not true: there *is* a
destination but the SSL certificate does not match and Cups will only
try the first printing method, ipps.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1984107/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
