Bug 32763

Summary: univention-certificate renew fails if hostname is substring of other host
Product: UCS
Reporter: Dirk Ahrnke <da>
Component: SSL
Assignee: Philipp Hahn <hahn>
Status: RESOLVED DUPLICATE
Severity: normal
Priority: P5
CC: buesching, gohmann, hahn, petersen
Version: UCS 3.1
Target Milestone: UCS 3.2-x
Hardware: Other
OS: Linux
Bug Blocks: 43576    

Description Dirk Ahrnke 2013-09-30 17:57:22 CEST
Assuming an environment with the following UCS-hosts:
host.domain.tld
anotherhost.domain.tld

"univention-certificate renew -name host.domain.tld ..." will fail with "Error opening ucsCA/certs ..." because the routine tries to handle non-existing filenames.

This is caused by the usage of grep (line 338) in function renew_cert of /usr/share/univention-ssl/make-certificates.sh as it also matches for "anotherhost.domain.tld". Line 387 in function revoke_cert shows the same problem.
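
The substring match described in this report, reproduced on a constructed OpenSSL-style CA index (an added example, not code from make-certificates.sh). `serials_unanchored` is a hypothetical stand-in for a plain grep lookup and `serials_exact` compares the whole CN component; the `host-domain.tld` entry goes beyond the report to show that the unescaped dots act as regex wildcards as well.

```shell
#!/bin/sh
# Constructed CA index in OpenSSL's index.txt layout (tab-separated):
# status, expiry, revocation date, serial, filename, subject DN.
# All names, serials and dates below are sample values.
INDEX=$(mktemp)
trap 'rm -f "$INDEX"' EXIT

add_entry() {  # usage: add_entry SERIAL COMMON_NAME
    printf 'V\t330101000000Z\t\t%s\tunknown\t/C=DE/O=Example/CN=%s/emailAddress=ssl@domain.tld\n' \
        "$1" "$2" >>"$INDEX"
}
add_entry 01 host.domain.tld
add_entry 02 anotherhost.domain.tld
add_entry 03 host-domain.tld

# Hypothetical lookup in the style the report describes: a plain grep for
# the name. It matches the name anywhere in the line, and every "." in the
# name matches any character.
serials_unanchored() {
    grep "$1" "$INDEX" | cut -f4
}

# Exact lookup: split the subject DN (field 6) on "/" and require one
# component to equal "CN=<name>" as a whole string, with no regex involved.
serials_exact() {
    awk -F '\t' -v want="CN=$1" '{
        n = split($6, rdn, "/")
        for (i = 1; i <= n; i++)
            if (rdn[i] == want) { print $4; break }
    }' "$INDEX"
}

echo "unanchored: $(serials_unanchored host.domain.tld | tr '\n' ',')"
echo "exact:      $(serials_exact host.domain.tld | tr '\n' ',')"
```

With the unanchored lookup a renew or revoke of host.domain.tld would also pick up the serials of the other two hosts; the exact lookup returns only its own.
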
Comment 1 Philipp Hahn univentionstaff 2014-02-12 09:31:29 CET
*** Bug 11298 has been marked as a duplicate of this bug. ***
Comment 2 Philipp Hahn univentionstaff 2016-06-22 13:30:15 CEST
*** Bug 28493 has been marked as a duplicate of this bug. ***
Comment 3 Philipp Hahn univentionstaff 2016-06-22 13:44:18 CEST
Fixed since r64182:
 univention-certificate new -name host.domain.tld -days 10
 univention-certificate new -name anotherhost.domain.tld -days 10
 univention-certificate renew -name host.domain.tld -days 10

*** This bug has been marked as a duplicate of bug 38859 ***