Univention Bugzilla – Bug 48025
crl-update fails through cron
Last modified: 2018-11-07 09:27:06 CET
Customer sees following in logfiles: run-parts: /etc/cron.daily/univention-ssl exited with return code 2 /etc/cron.daily/univention-ssl-crl-update: Using configuration from /etc/univention/ssl/openssl.cnf ca: Error on line 32 of config file "/etc/univention/ssl/openssl.cnf" 140422915728640:error:0E065068:configuration file routines:str_copy:variable has no value:../crypto/conf/conf_def.c:519:line 32 /etc/cron.daily/univention-ssl-crl-update: line 25: echo: No such file or directory run-parts: /etc/cron.daily/univention-ssl-crl-update exited with return code 1 This happened since https://forge.univention.org/bugzilla/show_bug.cgi?id=41013 has been applied on customer'S server.
Workaround available: --- /root/univention-ssl-crl-update 2018-10-19 14:41:07.420393123 +0200 +++ ./univention-ssl-crl-update 2018-10-19 14:46:21.217069038 +0200 @@ -1,8 +1,16 @@ #!/bin/bash +set -x #update crl in case of getting invalid after 30 days #Univention [Ticket#2014082721000898] +#use UCR values in /etc/univention/ssl/openssl.cnf +#default_crl_days = $ENV::DEFAULT_CRL_DAYS +#default_md = $ENV::DEFAULT_MD + +export DEFAULT_CRL_DAYS=$(ucr shell ssl/crl/validity | awk -F= '{ print $2 }') +export DEFAULT_MD=$(ucr shell ssl/default/hashfunction | awk -F= '{ print $2 }') + nextUpdate="$(openssl crl -in /etc/univention/ssl/ucsCA/crl/crl.pem -noout -nextupdate | sed -ne 's/nextUpdate=//p')" today="$(date -u '+%s')"
Probably not a product bug, as the script if not part of UCS. Probably a duplicate of Bug #47896. Waiting for feedback from customer.
Well, the script was originally written by Janis Meybohm from Univention staff some years ago. If "/etc/cron.daily/univention-ssl" does the same - we can ignore the other one.
(In reply to Stephan Hendl from comment #3) > Well, the script was originally written by Janis Meybohm from Univention > staff some years ago. If "/etc/cron.daily/univention-ssl" does the same - we > can ignore the other one. The functionality to update the CRL is now part of "/etc/cron.daily/univention-ssl" and the update interval in days can be configured through the UCRV "ssl/crl/interval". As the package currently has a bug, I close this bug as a duplicate of Bug #47896 *** This bug has been marked as a duplicate of bug 47896 ***
OK
Nothing to release