First Last Prev Next    This bug is not in your last search results.
Bug 33870 - ssl-sync löscht keine auf dem Master entfernten Zertifikate
ssl-sync löscht keine auf dem Master entfernten Zertifikate
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: SSL
UCS 4.0
Other Linux
: P5 normal (vote)
: UCS 4.0-3-errata
Assigned To: Philipp Hahn
Alexander Kramer
:
: 28011 (view as bug list)
Depends on: 28011
Blocks:
  Show dependency treegraph
 
Reported: 2014-01-08 12:18 CET by Tim Petersen
Modified: 2015-09-15 13:36 CEST (History)
4 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Tim Petersen univentionstaff 2014-01-08 12:18:50 CET 
+++ This bug was initially created as a clone of Bug #28011 +++

Wenn auf dem Master Zertifikate gelöscht werden (z.B. weil der Rechner nie/nicht mehr existiert) werden diese bei einem ssl-sync eines Backups dort nicht entfernt (rsync wird ohne "--delete" aufgerufen).



--delete ist in UCS 3.2 drin, aber funktionieren tut es dennoch nicht.
Ursache Asterisk:

- univention-ssh-rsync /etc/machine.secret -az --delete -e ssh "$hostname\$@$ldap_master:$SSL_PATH/*" "$SSL_PATH"
+ univention-ssh-rsync /etc/machine.secret -az --delete -e ssh "$hostname\$@$ldap_master:$SSL_PATH/" "$SSL_PATH"
Comment 1 Markus Dählmann 2015-07-08 10:15:23 CEST 
Es wäre schön wenn dies in einem Errata für 4.0 gefixt würde, da wir einen Mechanismus auf dem Backup haben, der davon abhängt, dass /etc/univention/ssl synchron mit dem Master ist.
Comment 2 Philipp Hahn univentionstaff 2015-08-20 10:22:54 CEST 
r63128 | Bug #33870 SSL: Fix removing deleted certificates
r63127 | Bug #33870 SSL: Fix removing deleted certificates

Package: univention-ssl
Version: 9.0.4-5.161.201508200928
Branch: ucs_4.0-0
Scope: errata4.0-3

Package: univention-ssl
Version: 10.0.0-2.160.201508200928
Branch: ucs_4.1-0

r63130 | Bug #33870 SSL: Fix removing deleted certificates YAML
 2015-08-20-univention-ssl.yaml
r63133 | Bug #33870 SSL: Fix removing deleted certificates CL
Comment 3 Alexander Kramer univentionstaff 2015-09-09 14:00:42 CEST 
Tested with the following setup:
domain: master, backup, slave
removed slave and monitored backup:/etc/univention/ssl
after some time all certificates were removed from the backup too

OK - SSL: Fix removing deleted certificates

UCS4.0-3:
OK - debian/changelog
OK - yaml

UCS4.1-0:
OK - debian/changelog
OK - xml changelog not neccessary reverted with 63152
Comment 4 Philipp Hahn univentionstaff 2015-09-15 09:22:59 CEST 
*** Bug 28011 has been marked as a duplicate of this bug. ***
Comment 5 Janek Walkenhorst univentionstaff 2015-09-15 13:36:44 CEST 
<http://errata.software-univention.de/ucs/4.0/314.html>
First Last Prev Next    This bug is not in your last search results.