yahoo-eng-team team mailing list archive
Message #91371
[Bug 1931174] Re: ca-certs does not work as expected if multiple certificates are provided
This bug is believed to be fixed in cloud-init in version 23.1. If this is still a problem for you, please make a comment and set the state back to New.
Thank you.
** Changed in: cloud-init
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1931174
Title:
ca-certs does not work as expected if multiple certificates are provided
Status in cloud-init:
Fix Released
Bug description:
Forwarded from https://bugs.debian.org/989575
From the original report:
I use "ca-certs" to supply additional certificates. With just one certificate everything works as expected; however, when provided with more than one, cloud-init adds them into a single file, which causes "openssl rehash" to fail as it expects exactly one certificate per file. As a result, programmes using openssl do not trust certificates issued by the provided CAs.
The issue was reported against 20.2, but I have confirmed that the behavior is unchanged in 21.2.
One possible approach to the solution would be to store each certificate individually in files named something like cloud-init-ca-cert-0.pem, cloud-init-ca-cert-1.pem, etc.
Note that this breaks certificate usage only when performing verification using openssl's path-based verification functionality. Since all certificates in /etc/ssl/certs/ are concatenated into /etc/ssl/certs/ca-certificates.pem, that file can still be used to perform file-based verification. (See https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_default_verify_file.html for a description of these two modes, if you're not familiar.)
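The one-certificate-per-file layout the report proposes, written out as an added example (this is not cloud-init's own code): it splits a concatenated PEM bundle into cloud-init-ca-cert-N.pem files and flags any file that holds more or fewer than one certificate, which is the condition that makes "openssl rehash" fail. The bundle, the "combined.pem" stand-in for the old single-file layout, and the temporary directories are constructed here and not taken from the page.

```python
import re
import tempfile
from pathlib import Path

# One PEM certificate block. A file may hold many, but openssl's hashed
# lookup directory (what "openssl rehash" builds) expects exactly one per file.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\r?\n.*?\r?\n-----END CERTIFICATE-----", re.DOTALL)

# Constructed placeholder bundle (bodies are NOT real certificates; only the
# framing matters): what a two-entry ca-certs list looks like concatenated.
SAMPLE_BUNDLE = (
    "-----BEGIN CERTIFICATE-----\nMIIBplaceholderCAone\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nMIIBplaceholderCAtwo\n-----END CERTIFICATE-----\n"
)

def split_pem_bundle(bundle: str) -> list[str]:
    """Return each certificate block of a concatenated PEM string."""
    return [m.group(0) + "\n" for m in PEM_RE.finditer(bundle)]

def count_certs(path: Path) -> int:
    """Certificates in one file; anything other than 1 breaks path lookup."""
    return len(PEM_RE.findall(path.read_text()))

def write_individual_certs(bundle: str, dest: Path) -> list[Path]:
    """Write one file per certificate, named as the report proposes."""
    dest.mkdir(parents=True, exist_ok=True)
    paths = []
    for i, cert in enumerate(split_pem_bundle(bundle)):
        path = dest / f"cloud-init-ca-cert-{i}.pem"
        path.write_text(cert)
        paths.append(path)
    return paths

def files_with_wrong_cert_count(dest: Path) -> list[Path]:
    """Files under dest that do not hold exactly one certificate."""
    return [p for p in sorted(dest.glob("*.pem")) if count_certs(p) != 1]

def demo(bundle: str = SAMPLE_BUNDLE) -> tuple[int, int, int]:
    """(certs split out, bad files in old single-file layout, bad files after)."""
    with tempfile.TemporaryDirectory() as tmp:
        before = Path(tmp) / "before"  # stand-in for the old single-file layout
        before.mkdir()
        (before / "combined.pem").write_text(bundle)
        written = write_individual_certs(bundle, Path(tmp) / "after")
        return (len(written), len(files_with_wrong_cert_count(before)),
                len(files_with_wrong_cert_count(Path(tmp) / "after")))
```

Running demo() on the constructed bundle reports the single combined file as bad and the split layout as clean; on a real system the split files would then be handed to update-ca-certificates or "openssl rehash" as usual.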
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1931174/+subscriptions