Bug 35027 - UCS CA: univention-certificate doesn't lock index.txt
UCS CA: univention-certificate doesn't lock index.txt
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: SSL
UCS 3.1
Other Linux
: P5 normal (vote)
: UCS 4.1-2-errata
Assigned To: Philipp Hahn
Janek Walkenhorst
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-06-02 08:24 CEST by Ingo Steuwer
Modified: 2016-07-21 15:16 CEST (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional): Large environments
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ingo Steuwer univentionstaff 2014-06-02 08:24:25 CEST
regenerating SSL certificates using "univention-certificate renew" with two concurrent processes failed due to a corrupt /etc/univention/ssl/ucsCA/index.txt.
Comment 1 Philipp Hahn univentionstaff 2016-06-23 14:23:00 CEST
r70558 | Bug #24094 ssl: Allow univention-certificate only on DC Master (or Backup)
 man 1ssl openssl
 > WARNINGS
 > The ca command is effectively a single user command: no locking is done on the various files and attempts to run more than one ca command on the same database can have unpredictable results.
 Now uses flock($SSLBASE) for mutual exlusion

Package: univention-ssl
Version: 10.0.0-12.169.201606231402
Branch: ucs_4.1-0
Scope: errata4.1-2

r70580 | Bug #39045 ssl: YAML
 univention-ssl.yaml
Comment 2 Janek Walkenhorst univentionstaff 2016-07-12 19:02:36 CEST
Code review: OK
Advisory: OK
Tests: OK
Comment 3 Janek Walkenhorst univentionstaff 2016-07-21 15:16:04 CEST
<http://errata.software-univention.de/ucs/4.1/213.html>