Let me add on this bug (and hopefully support a higher rating).

I tried to work around using:
https://forum.snapcraft.io/t/custom-ssl-certs-for-snapd-to-the-snap-store-communication/17446

however this does not work either on Ubuntu 20.04.2 running a samba AD-DC
where Nextcloud (meanwhile version 20.0.8snap1) shall lookup and
authenticate users and groups via LDAPS.

Having the CA root certificates in the snap rather than the host system is a
security risk.
As of today, two certificates have expired:

Reproduce: run in nextcloud snap shell:

find *.pem -exec openssl x509 -text -noout -in "{}" ";" |grep "After"|grep "2021"
            Not After : Dec 15 08:00:00 2021 GMT
            Not After : Sep 30 14:01:15 2021 GMT
            Not After : Dec 15 08:00:00 2021 GMT
            Not After : Mar 17 18:33:33 2021 GMT
            Not After : Apr  6 07:29:40 2021 GMT

The last two certificates are expired. Also, what if a root-CA
certificate is compromised and needs to be replaced?

Please also add read-access to the host file /etc/ldap.conf via
apparmor.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1826362

Title:
  Use system CA certificates

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1826362/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
