Univention Bugzilla – Full Text Bug Listing

Summary: | crl-update fails through cron | | |
---|---|---|---|
Product: | UCS | Reporter: | Christian Völker <voelker> |
Component: | SSL | Assignee: | Philipp Hahn <hahn> |
Status: | CLOSED DUPLICATE | QA Contact: | UCS maintainers <ucs-maintainers> |
Severity: | normal | | |
Priority: | P5 | CC: | andree.hingst, gohmann, grandjean, hahn, stephan.hendl |
Version: | UCS 4.3 | | |
Target Milestone: | UCS 4.3-2-errata | | |
Hardware: | Other | | |
OS: | Linux | | |
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=47896 | | |
What kind of report is it?: | Bug Report | What type of bug is this?: | 5: Major Usability: Impairs usability in key scenarios |
Who will be affected by this bug?: | 3: Will affect average number of installed domains | How will those affected feel about the bug?: | 5: Blocking further progress on the daily work |
User Pain: | 0.429 | Enterprise Customer affected?: | Yes |
School Customer affected?: | | ISV affected?: | |
Waiting Support: | | Flags outvoted (downgraded) after PO Review: | |
Ticket number: | 2018101921000605 | Bug group (optional): | |
Max CVSS v3 score: | | | |
Description
Christian Völker
2018-10-19 15:12:02 CEST
Workaround available: --- /root/univention-ssl-crl-update 2018-10-19 14:41:07.420393123 +0200 +++ ./univention-ssl-crl-update 2018-10-19 14:46:21.217069038 +0200 @@ -1,8 +1,16 @@ #!/bin/bash +set -x #update crl in case of getting invalid after 30 days #Univention [Ticket#2014082721000898] +#use UCR values in /etc/univention/ssl/openssl.cnf +#default_crl_days = $ENV::DEFAULT_CRL_DAYS +#default_md = $ENV::DEFAULT_MD + +export DEFAULT_CRL_DAYS=$(ucr shell ssl/crl/validity | awk -F= '{ print $2 }') +export DEFAULT_MD=$(ucr shell ssl/default/hashfunction | awk -F= '{ print $2 }') + nextUpdate="$(openssl crl -in /etc/univention/ssl/ucsCA/crl/crl.pem -noout -nextupdate | sed -ne 's/nextUpdate=//p')" today="$(date -u '+%s')"

Probably not a product bug, as the script is not part of UCS. Probably a duplicate of Bug #47896. Waiting for feedback from customer.

Well, the script was originally written by Janis Meybohm from Univention staff some years ago. If "/etc/cron.daily/univention-ssl" does the same - we can ignore the other one.

(In reply to Stephan Hendl from comment #3)
> Well, the script was originally written by Janis Meybohm from Univention
> staff some years ago. If "/etc/cron.daily/univention-ssl" does the same - we
> can ignore the other one.

The functionality to update the CRL is now part of "/etc/cron.daily/univention-ssl" and the update interval in days can be configured through the UCRV "ssl/crl/interval". As the package currently has a bug, I close this bug as a duplicate of Bug #47896

*** This bug has been marked as a duplicate of bug 47896 ***

OK

Nothing to release
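
Review bot: The two added `export DEFAULT_CRL_DAYS=...` and `export DEFAULT_MD=...` lines never check that the value they extract is non-empty, so an unset `ssl/crl/validity` or `ssl/default/hashfunction` would hand openssl.cnf an empty `$ENV::DEFAULT_CRL_DAYS` or `$ENV::DEFAULT_MD`. Suggest testing both variables right after the exports and exiting with an error message if either is empty, so a cron run fails loudly instead of regenerating the CRL with an undefined lifetime or digest. Parsing `ucr shell ... | awk -F= '{ print $2 }'` is also fragile, because `ucr shell` prints a shell assignment meant for eval and any quoting around the value would be carried into the exported variable; `ucr get ssl/crl/validity` returns the bare value and needs no awk. Finally, the added `set -x` at the top of the hunk traces every command on each cron run and will generate cron mail; drop it once the workaround is confirmed.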