Unreadable or symlinked openssl.cnf breaks bind9
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssl (Debian) |
Fix Released
|
Unknown
|
|||
openssl (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
If /etc/ssl/
This is apparently the same issue as what was discussed on the Debian side in 2010:
http://
I have several custom openssl.cnf files, and recently decided to symlink the 'default' openssl.cnf to one of them (the target is world readable). On the next reboot bind would not start. With a lot of digging, much like in the debian ticket I referred to above, I eventually clued in on the fact that somehow OpenSSL is involved even though it's not an advertised dependency.
If this can't be corrected (i.e. so that bind would start regardless of whether openssl.cnf can be accessed), perhaps a more informative error message could be added. A simple "cannot read openssl.cnf" would have saved me an hour of debug time.
--
Description: Ubuntu 12.04.2 LTS
Release: 12.04
bind9:
Installed: 1:9.8.1.
Candidate: 1:9.8.1.
Version table:
*** 1:9.8.1.
500 http://
500 http://
100 /var/lib/
1:
500 http://
Changed in openssl (Debian): | |
status: | Unknown → New |
Changed in openssl (Debian): | |
status: | New → Fix Released |
Thank you for taking the time to report this bug and helping to make Ubuntu better.
Thanks for linking to the Debian bug. According to the discussion there, this is a bug in openssl and not in bind9. It seems likely to me that this will not get fixed in Ubuntu until it is fixed in Debian.