Bug#1103346: apache2: incorrect instructions for generating snakeoil for non-hostname

Wed, 16 Apr 2025 07:54:29 -0700 

Package: apache2
Version: 2.4.62-1~deb12u2
Severity: normal
X-Debbugs-Cc: martin-eric.rac...@iki.fi

/usr/share/doc/apache2/README.Debian.gz states that:
------------------------------------------------------------------------------
        make-ssl-cert generate-default-snakeoil --force-overwrite

To create more certificates with different host names, you can use

        make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /path/to/cert-file.crt
------------------------------------------------------------------------------

The second line generates a certificate that fails to pass Firefox's 
self-signed certificate error, while the first line has no --option to generate 
a snakeoil cert for a non-hostname virtual host (this host runs different 
services on different IP addresses and they resolve to a different hostname).

Martin-Éric

-- Package-specific info:

-- System Information:
Debian Release: 12.10
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.12+bpo-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=fi_FI.utf8, LC_CTYPE=fi_FI.utf8 (charmap=UTF-8), LANGUAGE=fi:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apache2 depends on:
ii  apache2-bin                2.4.62-1~deb12u2
ii  apache2-data               2.4.62-1~deb12u2
ii  apache2-utils              2.4.62-1~deb12u2
ii  init-system-helpers        1.65.2
ii  media-types                10.0.0
ii  perl                       5.36.0-7+deb12u2
ii  procps                     2:4.0.2-3
ii  sysvinit-utils [lsb-base]  3.06-4

Versions of packages apache2 recommends:
ii  ssl-cert  1.1.2

Versions of packages apache2 suggests:
pn  apache2-doc                                      <none>
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
ii  firefox-esr [www-browser]                        128.9.0esr-1~deb12u1
ii  lynx [www-browser]                               2.9.0dev.12-1

Versions of packages apache2-bin depends on:
ii  libapr1                  1.7.2-3+deb12u1
ii  libaprutil1              1.6.3-1
ii  libaprutil1-dbd-sqlite3  1.6.3-1
ii  libaprutil1-ldap         1.6.3-1
ii  libbrotli1               1.0.9-2+b6
ii  libc6                    2.36-9+deb12u10
ii  libcrypt1                1:4.4.33-2
ii  libcurl4                 7.88.1-10+deb12u12
ii  libjansson4              2.14-2
ii  libldap-2.5-0            2.5.13+dfsg-5
ii  liblua5.3-0              5.3.6-2
ii  libnghttp2-14            1.52.0-1+deb12u2
ii  libpcre2-8-0             10.42-1
ii  libssl3                  3.0.15-1~deb12u1
ii  libxml2                  2.9.14+dfsg-1.3~deb12u1
ii  perl                     5.36.0-7+deb12u2
ii  zlib1g                   1:1.2.13.dfsg-1

Versions of packages apache2-bin suggests:
pn  apache2-doc                                      <none>
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
ii  firefox-esr [www-browser]                        128.9.0esr-1~deb12u1
ii  lynx [www-browser]                               2.9.0dev.12-1

Versions of packages apache2 is related to:
ii  apache2      2.4.62-1~deb12u2
ii  apache2-bin  2.4.62-1~deb12u2

-- Configuration Files:
/etc/apache2/ports.conf changed [not included]
/etc/apache2/sites-available/000-default.conf changed [not included]
/etc/apache2/sites-available/default-ssl.conf changed [not included]

-- no debconf information

Reply via email to