Custom Query (894 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (31 - 33 of 894)

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
Ticket Resolution Summary Owner Reporter
#1128 fixed Register init and cron scripts with LSB desai m4z <686f6c6d@…>
Description

I'm hoping to promote bcfg2 to become an official openSUSE package one day, but to achieve that, I need to get rid of a few rpmlint issues, like this one:

[  140s] ... running 10-check-lanana
[  141s] bcfg2-server: Name of init script "bcfg2-server" is not LSB conform
[  141s] bcfg2: Name of cron script "bcfg2" is not LSB conform
[  141s] bcfg2: Name of cron script "bcfg2" is not LSB conform
[  141s] bcfg2: Name of init script "bcfg2" is not LSB conform

According to

http://en.opensuse.org/openSUSE:Packaging_init_scripts#Name

the name can be registered as described here:

http://www.lanana.org/lsbreg/instructions.html

to make it into this list:

http://www.lanana.org/lsbreg/init/init.txt

<peerpressure>At least puppet is on there, too.</peerpressure>

It seems possible that I request it myself, but I'd find it nice if it happened in a more "official" fashion.

#1127 fixed SSLCA certificate validation is being carried out with the CA specified as `untrusted' https://www.google.com/accounts/o8/id?id=AItOawnSjgovXZr-_V3vGkvMSR0pc5LDykRc1Nc Michael Fincham <michael@…>
Description

On my installation SSLCA managed certificates are only valid during the client run in which they are created, subsequent runs declare the certificate as invalid and delete it.

I see that diff:src/lib/Server/Plugins/SSLCA.py@a400a860abe7c373c43a7df3fb55affd9746b292:f379b0e43cfa0137379ad0f78f48223eba7db61a on line 187 the way openssl is called was changed:

  • res = Popen(["openssl", "verify", "-CAfile", chaincert, cert],

+ res = Popen(["openssl", "verify", "-untrusted", chaincert, "-purpose", + "sslserver", cert],

This seems to cause validation of the stored cert to always fail:

Aug 27 18:26:48 manager bcfg2-server[29849]: SSLCA: /etc/stunnel/mysql-client-cert.pem failed verification against CA: /var/lib/bcfg2/SSLCA/etc/stunnel/mysql-client-cert.pem/mysql-client-cert.pem.H_test.example.com: /C=NZ/O=Example/CN=example.com#012error 19 at 1 depth lookup:self signed cer

Changing "-untrusted" back to "-CAfile" allows validation to succeed:

SSLCA/etc/stunnel/mysql-client-cert.pem/mysql-client-cert.pem.H_test.example.com: OK

Is there some reason I can't discern for why this was changed to "-untrusted"?

#1126 worksforme When specifying a wrong CA, no useful error messages are generated desai m4z <686f6c6d@…>
Description

This is basically the same underlying (user) problem as #1104 describes, just with a different cause, hence the separate ticket.

I switched from the default setup where certificate == ca in bcfg2.conf on the server to one where they where separate files and stupid me changed only the certificate line, and forgot all about the ca line. My problem then was that even with debug mode enabled on both the server and client (on the same machine),

  • the server did not log anything about a connection attempt at all, and
  • the client only logged "Failed to download probes:".

I had to confirm with tcpdump that the connection was even attempted.

Please add useful SSL debug messages, and keep up the good work. (:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
Note: See TracQuery for help on using queries.