[SRU] apache2/ssl-cert fails to install on long-named hosts

Bug #1004682 reported by Ben Howard on 2012-05-25
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ssl-cert (Debian)
Fix Released
ssl-cert (Ubuntu)

Bug Description

[SRU Justification] On hosts with longer than 64-character FQDN's, applications that require SSL-Cert will fail to configure. Since snake-oil certs are invalid anyway, this change unblocks the installation of packages that require the ssl-cert package.

[Impact]: Apache2 and any package that requires a Snake-Oil SSL cert will fail to install on when the FQDN is longer than 64-characters.

[Development Fix]: Ubuntu Versions 11.04 through 12.10 share the same code base. For 12.10, the same fix was applied and uploaded.

[Stable Fix]: The stable fix is the same as the development fix. The fix is very simplistic and merely uses the short hostname if the FQDN is too long.

[Test Case]: Name a system with a FDQN longer than 64-characters; attempt to install Apache2, i.e. "apt-get -y install apache2".

[Regresion Potential]: This regression potential is rather low.

Apache2 reuqires the SSL-Cert package. On hosts where the host name is longer than 64-characters, then ssl-cert fails to configure and leaves Apache2 unconfigured.

ben@utlemming-22a:~$ hostname -f

ben@utlemming-22a:~$ sudo make-ssl-cert generate-default-snakeoil
Could not create certificate. Openssl output was:
Generating a 2048 bit RSA private key
writing new private key to '/etc/ssl/private/ssl-cert-snakeoil.key'
problems making Certificate Request
139776384734880:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:a_mbstr.c:154:maxsize=64

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: ssl-cert 1.0.28
ProcVersionSignature: Ubuntu 3.2.0-24.38-generic 3.2.16
Uname: Linux 3.2.0-24-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu7
Architecture: amd64
Date: Fri May 25 14:01:45 2012
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Beta amd64+mac (20120327.1)
PackageArchitecture: all
SourcePackage: ssl-cert
UpgradeStatus: No upgrade log present (probably fresh install)

Changed in ssl-cert (Ubuntu):
milestone: none → quantal-alpha-1
Changed in ssl-cert (Ubuntu):
assignee: nobody → Ben Howard (utlemming)
Scott Moser (smoser) on 2012-05-25
Changed in ssl-cert (Ubuntu Precise):
status: New → Confirmed
importance: Undecided → Low
assignee: nobody → Ben Howard (utlemming)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ssl-cert - 1.0.28ubuntu1

ssl-cert (1.0.28ubuntu1) quantal; urgency=low

  [ Ben Howard ]
  * If fully qualified domain name is longer than 64 characters, use the
    short hostname. (LP: #1004682)
 -- Scott Moser <email address hidden> Fri, 25 May 2012 16:50:13 -0400

Changed in ssl-cert (Ubuntu Quantal):
status: Confirmed → Fix Released
Changed in ssl-cert (Debian):
status: Unknown → New
Changed in ssl-cert (Ubuntu Precise):
importance: Low → Medium
description: updated
James Page (james-page) on 2012-05-28
summary: - apache2/ssl-cert fails to install on long-named hosts
+ [SRU] apache2/ssl-cert fails to install on long-named hosts
James Page (james-page) wrote :

Uploaded to precise-proposed.

description: updated

Hello Ben, or anyone else affected,

Accepted ssl-cert into precise-proposed. The package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in ssl-cert (Ubuntu Precise):
status: Confirmed → Fix Committed
tags: added: verification-needed

Fixed confirmed.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ssl-cert - 1.0.28ubuntu0.1

ssl-cert (1.0.28ubuntu0.1) precise-proposed; urgency=low

  * Allow installation of snake-oil cert on systems with fully qualified
    hostnames longer than 64-characters by using the short hostname.
    (LP: #1004682)
 -- Ben Howard <email address hidden> Mon, 28 May 2012 09:08:19 -0600

Changed in ssl-cert (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in ssl-cert (Debian):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.