Public bug reported:

I'm issuing a command like the one below:
openssl s_client -connect subdomain.domain.example.com

I have the following nsswitch.conf defined:
'''
$ cat /etc/nsswitch.conf 
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat systemd
group:          compat systemd
shadow:         compat

hosts:          files mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns myhostname
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
'''


For host resolution, the /etc/hosts file should take precedence. But it doesn't 
work that way, and when I have some unresolvable name it tries to connect to DNS, 
ignoring the local hosts file. The order can be clearly seen in strace:


'''
openat(AT_FDCWD, "/usr/lib/ssl/ct_log_list.cnf", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/ssl/cert.pem", O_RDONLY) = -1 ENOENT (No such file or directory)
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 5
connect(5, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(5)                                = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 5
connect(5, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(5)                                = 0
openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 5
fstat(5, {st_mode=S_IFREG|0644, st_size=560, ...}) = 0
read(5, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 560
read(5, "", 4096)                       = 0
close(5)                                = 0
stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=64, ...}) = 0
openat(AT_FDCWD, "/etc/host.conf", O_RDONLY|O_CLOEXEC) = 5
fstat(5, {st_mode=S_IFREG|0644, st_size=93, ...}) = 0
read(5, "# The \"order\" line is only used "..., 4096) = 93
read(5, "", 4096)                       = 0
close(5)                                = 0
futex(0x7f3d2d2b5ba4, FUTEX_WAKE_PRIVATE, 2147483647) = 0
openat(AT_FDCWD, "/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 5
fstat(5, {st_mode=S_IFREG|0644, st_size=64, ...}) = 0
read(5, "# Generated by NetworkManager\nse"..., 4096) = 64
read(5, "", 4096)                       = 0
close(5)                                = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 5
fstat(5, {st_mode=S_IFREG|0644, st_size=335124, ...}) = 0
mmap(NULL, 335124, PROT_READ, MAP_PRIVATE, 5, 0) = 0x7f3d2de05000
close(5)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 5
read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P#\0\0\0\0\0\0"..., 832) = 832
fstat(5, {st_mode=S_IFREG|0644, st_size=47568, ...}) = 0
mmap(NULL, 2168632, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f3d2cab0000
mprotect(0x7f3d2cabb000, 2093056, PROT_NONE) = 0
mmap(0x7f3d2ccba000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0xa000) = 0x7f3d2ccba000
mmap(0x7f3d2ccbc000, 22328, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3d2ccbc000
close(5)                                = 0
mprotect(0x7f3d2ccba000, 4096, PROT_READ) = 0
munmap(0x7f3d2de05000, 335124)          = 0
openat(AT_FDCWD, "/etc/hosts", O_RDONLY|O_CLOEXEC) = 5
'''

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: openssl 1.1.1-1ubuntu2.1~18.04.6
ProcVersionSignature: Ubuntu 4.15.0-124.127-generic 4.15.18
Uname: Linux 4.15.0-124-generic x86_64
NonfreeKernelModules: wl
ApportVersion: 2.20.9-0ubuntu7.20
Architecture: amd64
Date: Mon Nov 23 10:49:41 2020
InstallationDate: Installed on 2015-05-08 (2026 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 LANG=pl_PL.UTF-8
 SHELL=/bin/bash
SourcePackage: openssl
UpgradeStatus: Upgraded to bionic on 2018-08-26 (819 days ago)

** Affects: openssl (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug bionic third-party-packages

https://bugs.launchpad.net/bugs/1905261

Title:
  Openssl ignores order from /etc/nsswitch.conf

Status in openssl package in Ubuntu:
  New
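
How glibc's Name Service Switch walks a `hosts:` line like the one in the report, as an added example (not part of the original report, and not glibc or OpenSSL code): it parses the services and bracketed action items, then lists which sources are consulted for a given set of per-service results. The statuses passed to `consulted()` are constructed inputs, and only the `return` and `continue` actions are handled.

```python
import re

# The hosts: line from the report's /etc/nsswitch.conf
HOSTS_LINE = ("hosts: files mdns4_minimal [NOTFOUND=return] "
              "resolve [!UNAVAIL=return] dns myhostname")

STATUSES = ("success", "notfound", "unavail", "tryagain")
# NSS defaults: stop on success, move to the next service otherwise
DEFAULT_ACTIONS = {"success": "return", "notfound": "continue",
                   "unavail": "continue", "tryagain": "continue"}

def parse_hosts_line(line):
    """Return [(service, {status: action})] in lookup order."""
    _, _, spec = line.partition(":")
    chain = []
    for token in re.findall(r"\[[^\]]*\]|\S+", spec):
        if not token.startswith("["):
            chain.append((token, dict(DEFAULT_ACTIONS)))
            continue
        if not chain:
            raise ValueError("action item before any service")
        for item in token[1:-1].split():
            negate = item.startswith("!")
            status, _, action = item.lstrip("!").lower().partition("=")
            if status not in STATUSES or action not in ("return", "continue"):
                raise ValueError(f"unsupported action item: {item}")
            # [!STATUS=action] applies to every status except STATUS
            for s in STATUSES:
                if (s == status) != negate:
                    chain[-1][1][s] = action
    return chain

def consulted(chain, results):
    """Walk the chain. results maps service -> status it reports
    (constructed input); services not listed count as unavailable."""
    seen = []
    for service, actions in chain:
        status = results.get(service, "unavail")
        seen.append((service, status))
        if actions[status] == "return":
            break
    return seen

if __name__ == "__main__":
    chain = parse_hosts_line(HOSTS_LINE)
    # Constructed case: name absent from /etc/hosts, resolve answers "not found"
    case = {"files": "notfound", "mdns4_minimal": "unavail", "resolve": "notfound"}
    for service, status in consulted(chain, case):
        print(f"{service:15} -> {status}")
```

With this line, `dns` is reached only when `resolve` reports UNAVAIL; any other result from `resolve` ends the lookup there.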
