Public bug reported: Steps to reproduce :
1. Generate new snakeoil SSL certificates with 'sudo make-ssl-cert generate-default-snakeoil --force-overwrite' 2. Get hash of new certificate with 'openssl x509 -hash -noout -in /etc/ssl/certs/ssl-cert-snakeoil.pem', say fd1e9cf4 3. Check that fd1e9cf4.0 symlink to ssl-cert-snakeoil.pem was created in /etc/ssl/certs Problem : - fd1e9cf4 symlink is created instead of fd1e9cf4.0 (with .0 extension) - if you're lucky, hash has not changed and you still have the old fd1e9cf4.0 symlink. - if you're unlucky (random seed has changed or you choose a different keysize), hash will change, wrong symlink will be created and certification validation will fail for example when using TLS with postfix : postfix/smtpd[3828]: warning: TLS library problem: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1260:SSLalert number 48 ** Affects: ssl-cert (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1324897 Title: make-ssl-cert creates improper hash symlink to ssl-cert-snakeoil.pem To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ssl-cert/+bug/1324897/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs