Hi! A few days ago I've received a bug report for the prosody package which says that if an admin changes OpenSSL config file then generating a selfsigned certificate may no longer work because it requires filling a different set of fields, so simply sending 7 lines to the stdin of openssl isn't sufficient (see [1]).
I've searched through the archive and found several packages which suffer from the same bug (listing source packages): boxbackup dovecot dtc-xen ejabberd netkit-telnet-ssl openswan prosody rinputd stone strongswan uw-imap xmail yaws I see two ways of fixing this bug: either use -batch option which means that the certificate will be without common name (this approach is used in quassel), or supply an own OpenSSL config file along with the postinst script (or generate it in the postinst script as it is used in openvas-server). Is there a more reasonable way to generate self-signed certificate with common name (preferably without involving temporary OpenSSL configs)? Or may be using such certificates is not a good idea at all and it's better to disable SSL instead of giving selfsigned ones to users? [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596433 Cheers! -- Sergei Golovan -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktimka_nej5b+vvoqn8jm6s=ronauw=tusq89b...@mail.gmail.com
