ca-certs does not work as expected if multiple certificates are provided
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
cloud-init | Fix Released | Wishlist | Unassigned |
Bug Description
Forwarded from https:/
From the original report:
I use "ca-certs" to supply additional certificates. With just one
certificate everything works as expected, however when provided
more than one, cloud-init adds them into a single file which causes
"openssl rehash" to fail as it expects exactly one certificate per
file. As the result programmes using openssl do not trust
certificates issued by provided CAs.
The issue was reported against 20.2, but I have confirmed that the behavior is unchanged in 21.2.
One possible approach to the solution would be to store each certificate individually in files named something like cloud-init-
Note that this breaks certificate usage only when performing verification using openssl's path-based verification functionality. Since all certificates in /etc/ssl/certs/ are concatenated into /etc/ssl/
description: updated
Changed in cloud-init:
status: New → Triaged
importance: Undecided → Wishlist
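The failure mode described in the report, shown as an added example that is not part of the bug report or of cloud-init's code: it flags files in a certificate directory that hold more than one PEM certificate and rewrites a bundle as one certificate per file. The function names, the `example-ca-` file prefix and the sample PEM blocks (constructed placeholders, not real certificates) are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# One complete PEM certificate block, delimiters included.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\r?\n.*?\r?\n-----END CERTIFICATE-----",
    re.DOTALL,
)

def split_pem_bundle(text):
    """Return every PEM certificate block in text, in order, LF-normalised."""
    return [m.group(0).replace("\r\n", "\n") + "\n" for m in PEM_CERT.finditer(text)]

def write_one_cert_per_file(bundle, dest_dir, prefix="example-ca-"):
    """Write each certificate to its own file (hypothetical naming scheme)."""
    dest = Path(dest_dir)
    dest.mkdir(parents=True, exist_ok=True)
    paths = []
    for index, cert in enumerate(split_pem_bundle(bundle), start=1):
        path = dest / f"{prefix}{index}.crt"
        path.write_text(cert)
        paths.append(path)
    return paths

def multi_cert_files(cert_dir):
    """List (file name, count) for files holding more than one certificate."""
    found = []
    for path in sorted(Path(cert_dir).iterdir()):
        if path.is_file():
            count = len(split_pem_bundle(path.read_text(errors="replace")))
            if count > 1:
                found.append((path.name, count))
    return found

def constructed_cert(body):
    """Build a placeholder PEM block; the body is not a real certificate."""
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

# Constructed sample: two placeholder certificates concatenated into one blob.
SAMPLE_BUNDLE = constructed_cert("Q09OU1RSVUNURUQtQQ==") + constructed_cert("Q09OU1RSVUNURUQtQg==")

def demo():
    """Return the audit result before and after splitting, plus the new names."""
    with tempfile.TemporaryDirectory() as tmp:
        before, after = Path(tmp, "before"), Path(tmp, "after")
        before.mkdir()
        (before / "combined.crt").write_text(SAMPLE_BUNDLE)
        names = [p.name for p in write_one_cert_per_file(SAMPLE_BUNDLE, after)]
        return multi_cert_files(before), multi_cert_files(after), names
```

Running `multi_cert_files` over a local certificates directory on an affected host lists the files that path-based verification would miss, according to the report.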
Note upstream commit merged for this feature: https://github.com/canonical/cloud-init/commit/ba3d611a7267ca6ac89cf7bb03fff4a14be9b5c0
Expect cloud-init official 23.1 release to contain this functionality