Univention Bugzilla – Bug 35027
UCS CA: univention-certificate doesn't lock index.txt
Last modified: 2016-07-21 15:16:04 CEST
regenerating SSL certificates using "univention-certificate renew" with two concurrent processes failed due to a corrupt /etc/univention/ssl/ucsCA/index.txt.
r70558 | Bug #24094 ssl: Allow univention-certificate only on DC Master (or Backup)
man 1ssl openssl
> The ca command is effectively a single user command: no locking is done on the various files and attempts to run more than one ca command on the same database can have unpredictable results.
Now uses flock($SSLBASE) for mutual exlusion
r70580 | Bug #39045 ssl: YAML
Code review: OK