make-ssl-cert creates improper hash symlink to ssl-cert-snakeoil.pem
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
ssl-cert (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
Steps to reproduce:
1. Generate new snakeoil SSL certificates with 'sudo make-ssl-cert generate-
2. Get hash of new certificate with 'openssl x509 -hash -noout -in /etc/ssl/
3. Check that fd1e9cf4.0 symlink to ssl-cert-
Problem:
- The fd1e9cf4 symlink is created instead of fd1e9cf4.0 (with the .0 extension).
- If you're lucky, the hash has not changed and you still have the old fd1e9cf4.0 symlink.
- If you're unlucky (the random seed has changed or you chose a different keysize), the hash will change, the wrong symlink will be created, and certificate validation will fail, for example when using TLS with postfix:
postfix/
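
An added example, not part of the original report or of the ssl-cert package: a shell function that audits a hashed certificate directory for the two symptoms described above, a hash-named symlink without the `.N` suffix and a leftover `<hash>.0` link whose name no longer matches the certificate it points to. The names `cert_hash` and `audit_hash_links` and the finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the ssl-cert package): audit a hashed certificate
# directory for hash symlinks that OpenSSL's directory lookup cannot use.

# Subject hash of a PEM certificate, computed as in step 2 of the report.
cert_hash() {
    openssl x509 -hash -noout -in "$1" 2>/dev/null
}

# audit_hash_links DIR
# Prints one finding per line; returns 1 if anything was found, 0 otherwise.
audit_hash_links() {
    dir=$1
    found=0
    for link in "$dir"/*; do
        [ -L "$link" ] || continue
        name=${link##*/}
        # Only consider names shaped like a hash link: 8 hex digits,
        # optionally followed by ".N".
        printf '%s\n' "$name" | grep -Eq '^[0-9a-f]{8}(\.[0-9]+)?$' || continue
        case $name in
            *.*) ;;
            *)  # The lookup tries <hash>.0, <hash>.1, ... and never the
                # bare <hash>, so this link is invisible to it.
                echo "NO_SUFFIX $name"
                found=1
                continue ;;
        esac
        if [ ! -e "$link" ]; then
            echo "DANGLING $name"
            found=1
            continue
        fi
        # Targets that are not parseable certificates yield an empty hash
        # and are skipped rather than reported.
        actual=$(cert_hash "$link") || actual=
        if [ -n "$actual" ] && [ "$actual" != "${name%%.*}" ]; then
            # Link left over from an earlier certificate with another hash.
            echo "STALE $name actual=$actual"
            found=1
        fi
    done
    return $found
}
```

Call `audit_hash_links` with the certificate directory as its only argument after regenerating a certificate; any `NO_SUFFIX` or `STALE` line means the links need to be rebuilt.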
This bug was fixed in the package ssl-cert - 1.1.0
---------------
ssl-cert (1.1.0) unstable; urgency=medium

  [ Stefan Fritsch ]
  * Remove obsolete openssl-blacklist suggests.
  * Add some autopkgtests. LP: #1679405
  * Create correct hash symlink. LP: #1324897
  * Automatically re-create the default snakeoil certificate if its key
    length is below 2048 bits or if the signature algorithm is not sha256.
    Closes: #924881

  [ Bryce Harrington ]
  * Refactor make-ssl-cert a bit, add usage message.
  * Add --expiration-days option. LP: #1853021

 -- Stefan Fritsch <email address hidden>  Mon, 28 Dec 2020 15:20:52 +0100