Comment 1 for bug 1984107

Paride Legovini (paride) wrote :

Hello Valentijn and thanks for this bug report, it really helped me figure out an otherwise obscure printing issue.

However, I don't agree with the suggested solution: the security model of cups for ipps is TOFU (trust on first use): the certificate is accepted the first time and then expected to be the same in the future. This is why the printer certificate is saved to file in the first place. (This approach is similar to what SSH uses: the first time you connect to a host the pubkey is saved in authorized_keys; if at some point the key changes, ssh will refuse to connect and require manual deletion of the old key from authorized_keys.)

I think this is a UI issue: from the cups web interface or cups logs it was not clear at all that the issue was with ipps certificate validation. Cups (or maybe the ipps backend? I'm not that familiar with cups internals) should log a proper error message instead.
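
The trust-on-first-use check described in the comment above, with the kind of explicit mismatch error it asks for, as an added example that is not part of the original comment and is not CUPS code. The JSON pin store, the function names, the host name and the certificate bytes are assumptions constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


class CertificateChanged(Exception):
    """A host presented a certificate that differs from the pinned one."""


def fingerprint(cert_der: bytes) -> str:
    # Pin the SHA-256 of the DER-encoded certificate.
    return hashlib.sha256(cert_der).hexdigest()


def check_tofu(store: Path, host: str, cert_der: bytes) -> str:
    """Return 'pinned' on first use, 'match' if unchanged; raise on a change."""
    pins = json.loads(store.read_text()) if store.exists() else {}
    seen = fingerprint(cert_der)
    pinned = pins.get(host)
    if pinned is None:
        # First contact: accept the certificate and remember it.
        pins[host] = seen
        store.write_text(json.dumps(pins, indent=2))
        return "pinned"
    if pinned == seen:
        return "match"
    # Never overwrite the pin silently; name the cause and the remedy.
    raise CertificateChanged(
        f"{host}: certificate changed since first use "
        f"(pinned sha256 {pinned[:16]}..., presented {seen[:16]}...); "
        f"verify the new certificate out of band, then remove the entry from {store}"
    )


def demo() -> list:
    # Constructed byte strings standing in for DER certificates.
    old_cert, new_cert = b"constructed-cert-A", b"constructed-cert-B"
    with tempfile.TemporaryDirectory() as tmp:
        store = Path(tmp) / "pins.json"  # hypothetical pin store location
        results = [check_tofu(store, "printer.example", old_cert),
                   check_tofu(store, "printer.example", old_cert)]
        try:
            check_tofu(store, "printer.example", new_cert)
        except CertificateChanged as exc:
            results.append(str(exc))
        return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```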