Ubuntu
ssl-cert package

[SRU] apache2/ssl-cert fails to install on long-named hosts

Bug #1004682 reported by Ben Howard
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ssl-cert (Debian)
Fix Released
Unknown
ssl-cert (Ubuntu)
Fix Released
Low
Unassigned
Ubuntu quantal-alpha-1
Precise
Fix Released
Medium
Unassigned
Quantal
Fix Released
Low
Unassigned
Ubuntu quantal-alpha-1

Bug Description

[SRU Justification] On hosts with longer than 64-character FQDN's, applications that require SSL-Cert will fail to configure. Since snake-oil certs are invalid anyway, this change unblocks the installation of packages that require the ssl-cert package.

[Impact]: Apache2 and any package that requires a Snake-Oil SSL cert will fail to install on when the FQDN is longer than 64-characters.

[Development Fix]: Ubuntu Versions 11.04 through 12.10 share the same code base. For 12.10, the same fix was applied and uploaded.

[Stable Fix]: The stable fix is the same as the development fix. The fix is very simplistic and merely uses the short hostname if the FQDN is too long.

[Test Case]: Name a system with a FDQN longer than 64-characters; attempt to install Apache2, i.e. "apt-get -y install apache2".

[Regresion Potential]: This regression potential is rather low.

Apache2 reuqires the SSL-Cert package. On hosts where the host name is longer than 64-characters, then ssl-cert fails to configure and leaves Apache2 unconfigured.

ben@utlemming-22a:~$ hostname -f
utlemming-22a.139cd93ba280479588e4157eac561a0b.utlemming-22a.525551751.uswest.internal.utlemmings-excellent-cloud.com

ben@utlemming-22a:~$ sudo make-ssl-cert generate-default-snakeoil
Could not create certificate. Openssl output was:
Generating a 2048 bit RSA private key
.......................+++
.................................................+++
writing new private key to '/etc/ssl/private/ssl-cert-snakeoil.key'
-----
problems making Certificate Request
139776384734880:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:a_mbstr.c:154:maxsize=64

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: ssl-cert 1.0.28
ProcVersionSignature: Ubuntu 3.2.0-24.38-generic 3.2.16
Uname: Linux 3.2.0-24-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu7
Architecture: amd64
Date: Fri May 25 14:01:45 2012
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Beta amd64+mac (20120327.1)
PackageArchitecture: all
SourcePackage: ssl-cert
UpgradeStatus: No upgrade log present (probably fresh install)

See original description
Revision history for this message
Ben Howard (darkmuggle-deactivatedaccount) wrote :
Ben Howard (darkmuggle-deactivatedaccount)
Changed in ssl-cert (Ubuntu):
milestone: none → quantal-alpha-1
Ben Howard (darkmuggle-deactivatedaccount)
Changed in ssl-cert (Ubuntu):
assignee: nobody → Ben Howard (utlemming)
Scott Moser (smoser)
Changed in ssl-cert (Ubuntu Precise):
status: New → Confirmed
importance: Undecided → Low
assignee: nobody → Ben Howard (utlemming)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ssl-cert - 1.0.28ubuntu1

---------------
ssl-cert (1.0.28ubuntu1) quantal; urgency=low

  [ Ben Howard ]
  * If fully qualified domain name is longer than 64 characters, use the
    short hostname. (LP: #1004682)
 -- Scott Moser <email address hidden> Fri, 25 May 2012 16:50:13 -0400

Changed in ssl-cert (Ubuntu Quantal):
status: Confirmed → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in ssl-cert (Debian):
status: Unknown → New
Ben Howard (darkmuggle-deactivatedaccount)
Changed in ssl-cert (Ubuntu Precise):
importance: Low → Medium
Ben Howard (darkmuggle-deactivatedaccount)
description: updated
James Page (james-page)
summary: - apache2/ssl-cert fails to install on long-named hosts
+ [SRU] apache2/ssl-cert fails to install on long-named hosts
Revision history for this message
James Page (james-page) wrote :

Uploaded to precise-proposed.

Ben Howard (darkmuggle-deactivatedaccount)
description: updated
Revision history for this message
Colin Watson (cjwatson) wrote : Please test proposed package

Hello Ben, or anyone else affected,

Accepted ssl-cert into precise-proposed. The package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in ssl-cert (Ubuntu Precise):
status: Confirmed → Fix Committed
tags: added: verification-needed
Revision history for this message
Ben Howard (darkmuggle-deactivatedaccount) wrote :

Fixed confirmed.

tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ssl-cert - 1.0.28ubuntu0.1

---------------
ssl-cert (1.0.28ubuntu0.1) precise-proposed; urgency=low

  * Allow installation of snake-oil cert on systems with fully qualified
    hostnames longer than 64-characters by using the short hostname.
    (LP: #1004682)
 -- Ben Howard <email address hidden> Mon, 28 May 2012 09:08:19 -0600

Changed in ssl-cert (Ubuntu Precise):
status: Fix Committed → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in ssl-cert (Debian):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.