Custom Query (894 matches)


Show under each result:

Results (31 - 33 of 894)

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
Ticket Owner Reporter Resolution Summary
#1128 desai m4z <[email protected]…> fixed Register init and cron scripts with LSB

I'm hoping to promote bcfg2 to become an official openSUSE package one day, but to achieve that, I need to get rid of a few rpmlint issues, like this one:

[  140s] ... running 10-check-lanana
[  141s] bcfg2-server: Name of init script "bcfg2-server" is not LSB conform
[  141s] bcfg2: Name of cron script "bcfg2" is not LSB conform
[  141s] bcfg2: Name of cron script "bcfg2" is not LSB conform
[  141s] bcfg2: Name of init script "bcfg2" is not LSB conform

According to

the name can be registered as described here:

to make it into this list:

<peerpressure>At least puppet is on there, too.</peerpressure>

It seems possible that I request it myself, but I'd find it nice if it happened in a more "official" fashion.

#1127 Michael Fincham <[email protected]…> fixed SSLCA certificate validation is being carried out with the CA specified as `untrusted'

On my installation SSLCA managed certificates are only valid during the client run in which they are created, subsequent runs declare the certificate as invalid and delete it.

I see that diff:src/lib/Server/Plugins/[email protected]:f379b0e43cfa0137379ad0f78f48223eba7db61a on line 187 the way openssl is called was changed:

  • res = Popen(["openssl", "verify", "-CAfile", chaincert, cert],

+ res = Popen(["openssl", "verify", "-untrusted", chaincert, "-purpose", + "sslserver", cert],

This seems to cause validation of the stored cert to always fail:

Aug 27 18:26:48 manager bcfg2-server[29849]: SSLCA: /etc/stunnel/mysql-client-cert.pem failed verification against CA: /var/lib/bcfg2/SSLCA/etc/stunnel/mysql-client-cert.pem/ /C=NZ/O=Example/ 19 at 1 depth lookup:self signed cer

Changing "-untrusted" back to "-CAfile" allows validation to succeed:

SSLCA/etc/stunnel/mysql-client-cert.pem/ OK

Is there some reason I can't discern for why this was changed to "-untrusted"?

#1126 desai m4z <[email protected]…> worksforme When specifying a wrong CA, no useful error messages are generated

This is basically the same underlying (user) problem as #1104 describes, just with a different cause, hence the separate ticket.

I switched from the default setup where certificate == ca in bcfg2.conf on the server to one where they where separate files and stupid me changed only the certificate line, and forgot all about the ca line. My problem then was that even with debug mode enabled on both the server and client (on the same machine),

  • the server did not log anything about a connection attempt at all, and
  • the client only logged "Failed to download probes:".

I had to confirm with tcpdump that the connection was even attempted.

Please add useful SSL debug messages, and keep up the good work. (:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
Note: See TracQuery for help on using queries.