Ubuntu
tigervnc package

tigervnc server can't generate SSL certificate

Bug #1973292 reported by Michael Bode
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tigervnc (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Kubuntu 22.04, tigervnc-common 1.12.0+dfsg-4 amd64

What happens:
When I start tigervncserver with option -SecurityTypes X509Plain it reports the following error:

vncserver -geometry 1920x1080 -localhost no -autokill -SecurityTypes X509Plain

You will require a certificate to use X509None, X509Vnc, or X509Plain.
I will generate a self signed certificate for you in /home/mb/.vnc/demk-wks-400-SrvCert.pem.

-----
Cannot write random bytes:
4057E14E287F0000:error:1200007A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:190:Filename=/dev/urandom
The openssl command /usr/bin/openssl req -newkey ec:/etc/tigervnc/openssl-ecparams.pem -x509 -days 2190 -nodes -config - -out /home/mb/.vnc/demk-wks-400-SrvCert.pem -keyout /home/mb/.vnc/demk-wks-400-SrvKey.pem failed: 256

which seems plausible since it can't write to /dev/urandmon.

What should happen:

vncserver creates a self signed certifiate and starts.

Workaround (fix?) is to comment out the following line in /etc/tigervnc/openssl.cnf:

#RANDFILE = /dev/urandom

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package tigervnc - 1.12.0+dfsg-7

---------------
tigervnc (1.12.0+dfsg-7) unstable; urgency=medium

  [ Joachim Falk ]
  * Fixed autogeneration of SSL certificates for X509None, X509Vnc, and
    X509Plain security types (LP: #1973292).
  * Fixed /tmp copy lifetime of VNC password, certificate, and key files in
    case of disabled autokill (LP: #1995869).
  * Document ~/.vnc/config in man pages (closes: #1025459).
  * Fixed bug concerning relative -rfbunixpath option values for
    tigervncserver and x0tigervncserver.
  * Consistent ~/.vnc/<host>:<display#>.{log,pid} file location for
    tigervncserver. In case of x0tigervncserver,
    <host>:<display#>-<rfbport#>.{log,pid} or
    <host>:<display#>-<rfbunixpath>.{log,pid} can also be used if multiple
    x0tigervncserver are running for the display (closes: #1025458).
  * Document -rfbunixpath and -rfbunixmode options for tigervncserver and
    x0tigervncserver.
  * Fixed Lintian warnings
    - build-depends-on-obsolete-package libgl1-mesa-dev (>= 9.2) => libgl-dev
    - build-depends-on-obsolete-package libegl1-mesa-dev [linux-any kfreebsd-any] => libegl-dev
  * Activated libunwind for armel, armhf, and arm64 after bug #923962 has
    been fixed on those architectures.

 -- Joachim Falk <email address hidden> Sat, 28 Dec 2022 17:26:29 +0100

Changed in tigervnc (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.