Univention Bugzilla – Bug 35027
UCS CA: univention-certificate doesn't lock index.txt
Last modified: 2016-07-21 15:16:04 CEST
regenerating SSL certificates using "univention-certificate renew" with two concurrent processes failed due to a corrupt /etc/univention/ssl/ucsCA/index.txt.
r70558 | Bug #24094 ssl: Allow univention-certificate only on DC Master (or Backup) man 1ssl openssl > WARNINGS > The ca command is effectively a single user command: no locking is done on the various files and attempts to run more than one ca command on the same database can have unpredictable results. Now uses flock($SSLBASE) for mutual exlusion Package: univention-ssl Version: 10.0.0-12.169.201606231402 Branch: ucs_4.1-0 Scope: errata4.1-2 r70580 | Bug #39045 ssl: YAML univention-ssl.yaml
Code review: OK Advisory: OK Tests: OK
<http://errata.software-univention.de/ucs/4.1/213.html>