Public bug reported:

Steps to reproduce :

   1. Generate new snakeoil SSL certificates with 'sudo make-ssl-cert generate-default-snakeoil --force-overwrite'
   2. Get hash of new certificate with 'openssl x509 -hash -noout -in /etc/ssl/certs/ssl-cert-snakeoil.pem', say fd1e9cf4
   3. Check that fd1e9cf4.0 symlink to ssl-cert-snakeoil.pem was created in /etc/ssl/certs

Problem :

   - fd1e9cf4 symlink is created instead of fd1e9cf4.0 (with .0 extension)
   - if you're lucky, hash has not changed and you still have the old fd1e9cf4.0 symlink.
   - if you're unlucky (random seed has changed or you choose a different keysize), hash will change, wrong symlink will be created and certification validation will fail, for example when using TLS with postfix:

     postfix/smtpd[3828]: warning: TLS library problem: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1260:SSLalert number 48

** Affects: ssl-cert (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1324897

Title:
  make-ssl-cert creates improper hash symlink to ssl-cert-snakeoil.pem

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ssl-cert/+bug/1324897/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
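
Added example, not part of the original report or of the ssl-cert package: a shell check that tells a correct <hash>.N link apart from the extensionless <hash> link described above. The function name classify_hash_link is hypothetical, and link targets are compared by basename only, which is a simplification.

```shell
#!/bin/sh
# Added example: audit an OpenSSL-style hashed certificate directory for the
# problem in this report (a link named <hash> instead of <hash>.N).

# classify_hash_link DIR CERT_BASENAME HASH   (hypothetical helper)
# Prints exactly one of:
#   ok:<hash>.N    a <hash>.N symlink points to the certificate
#   bare:<hash>    only an extensionless <hash> symlink points to it
#   missing        no symlink for this hash points to it
classify_hash_link() {
    dir=$1 cert=$2 want=$3
    # OpenSSL's directory lookup tries <hash>.0, <hash>.1, ... and stops at
    # the first name that does not exist; N > 0 only occurs on collisions.
    n=0
    while [ -L "$dir/$want.$n" ]; do
        # Assumption: comparing the target's basename is enough here.
        if [ "$(basename "$(readlink "$dir/$want.$n")")" = "$cert" ]; then
            echo "ok:$want.$n"
            return 0
        fi
        n=$((n + 1))
    done
    # The failure mode from the report: the link exists but has no ".0",
    # so the lookup above never finds it.
    if [ -L "$dir/$want" ] &&
       [ "$(basename "$(readlink "$dir/$want")")" = "$cert" ]; then
        echo "bare:$want"
        return 0
    fi
    echo "missing"
}

# Usage: sh check-hash-link.sh /etc/ssl/certs ssl-cert-snakeoil.pem
# Exit status: 0 if a usable link exists, 1 if not, 2 if openssl fails.
if [ "$#" -eq 2 ]; then
    current=$(openssl x509 -hash -noout -in "$1/$2") || exit 2
    result=$(classify_hash_link "$1" "$2" "$current")
    echo "$2: $result"
    case $result in
        ok:*) exit 0 ;;
        *)    exit 1 ;;
    esac
fi
```

A result of bare:<hash> or missing after regenerating the certificate means the old <hash>.0 link, if any, belongs to the previous certificate's hash and no longer matches.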
