cacrl should be use instead of hostcrl when generating apache2 passenger configuration
Bug #641001 reported by
Mathias Gug
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
puppet (Ubuntu) |
Fix Released
|
Medium
|
Mathias Gug | ||
Maverick |
Fix Released
|
Medium
|
Mathias Gug |
Bug Description
Binary package hint: puppet
The cacrl is the actual file updated when a certificate is revoked. Thus it should also be used as the CRL file by apache2.
The impact is that apache2 ssl configuration uses the wrong CRL. Thus revoked puppet client won't be denied access to the puppet master by apache2.
Changed in puppet (Ubuntu): | |
importance: | Undecided → Medium |
status: | New → Triaged |
Changed in puppet (Ubuntu): | |
importance: | Medium → Low |
Changed in puppet (Ubuntu): | |
importance: | Low → Medium |
description: | updated |
Changed in puppet (Ubuntu Maverick): | |
assignee: | nobody → Mathias Gug (mathiaz) |
status: | Triaged → In Progress |
tags: | added: server-mrs |
To post a comment you must log in.
Mathias, can you please check this source package very carefully? It replaces debian/ patches/ debian- changes- 2.6.1-0ubuntu1 withdebian/ patches/ debian- changes- 2.6.1-0ubuntu2, and this patch looks like it would be the delta betwen 2.6.1rc4 and 2.6.1 final. This looks strange, as if something went wrong at uupdate time. The debian-changes* patches are actually the same, so I'll approve the new upload for this bug fix, but this might still be unintended here.