apache-ssl: post-installation script fails

Automatically imported from Debian bug report #229505
http://bugs.debian.org/229505

Message-Id: <email address hidden>
Date: Sun, 18 Jan 2004 12:53:33 +0100
From: Michael Kebe <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: apache-ssl: post-installation script fails

Package: apache-ssl
Version: 1.3.29.0.1-3
Severity: normal

After apt-get install apache-ssl I get:
> Setting up apache-ssl (1.3.29.0.1-3) ...
> Starting web server: apache-sslProcessing config directory:
> /etc/apache-ssl/conf.d
> failed
> invoke-rc.d: initscript apache-ssl, action "start" failed.
> dpkg: error processing apache-ssl (--configure):
> subprocess post-installation script returned error exit status 1
> Errors were encountered while processing:
> apache-ssl
> E: Sub-process /usr/bin/dpkg returned an error code (1)

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux missmuh 2.4.20 #8 Tue Jun 3 23:51:20 CEST 2003 i686
Locale: LANG=C, LC_CTYPE=de_DE@euro

Message-ID: <email address hidden>
Date: Sun, 25 Jan 2004 09:38:51 +0100 (CET)
From: Fabio Massimo Di Nitto <email address hidden>
To: Michael Kebe <email address hidden>,
 <email address hidden>
Subject: Re: Bug#229505: apache-ssl: post-installation script fails

Hi,
 are you running testing? is this a fresh installation or an
upgrade?

Please provide me more information asap.

Fabio

On Sun, 18 Jan 2004, Michael Kebe wrote:

> Package: apache-ssl
> Version: 1.3.29.0.1-3
> Severity: normal
>
> After apt-get install apache-ssl I get:
> > Setting up apache-ssl (1.3.29.0.1-3) ...
> > Starting web server: apache-sslProcessing config directory:
> > /etc/apache-ssl/conf.d
> > failed
> > invoke-rc.d: initscript apache-ssl, action "start" failed.
> > dpkg: error processing apache-ssl (--configure):
> > subprocess post-installation script returned error exit status 1
> > Errors were encountered while processing:
> > apache-ssl
> > E: Sub-process /usr/bin/dpkg returned an error code (1)
>
>
> -- System Information:
> Debian Release: testing/unstable
> Architecture: i386
> Kernel: Linux missmuh 2.4.20 #8 Tue Jun 3 23:51:20 CEST 2003 i686
> Locale: LANG=C, LC_CTYPE=de_DE@euro
>
>
>
>

--
Our mission: make IPv6 the default IP protocol
"We are on a mission from God" - Elwood Blues

http://www.itojun.org/paper/itojun-nanog-200210-ipv6isp/mgp00004.html

Message-ID: <email address hidden>
Date: Sun, 25 Jan 2004 14:27:57 +0100
From: Michael Kebe <email address hidden>
To: Fabio Massimo Di Nitto <email address hidden>
CC: Michael Kebe <email address hidden>, <email address hidden>
Subject: Re: Bug#229505: apache-ssl: post-installation script fails

--------------enig6907E0AD6CB8B8607F1CF891
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Fabio Massimo Di Nitto wrote:
> Hi,
> are you running testing? is this a fresh installation or an
> upgrade?

Yes, I am running testing. I think it was a fresh install, because I
purge the previous installation...

> Please provide me more information asap.

I found the problem by myself:

If you left one field in the dialog for the certificate empty you will get:

> Setting up apache-ssl (1.3.29.0.1-3) ...
> Generating a 1024 bit RSA private key
> ...................++++++
> .......++++++
> writing new private key to '/etc/apache-ssl/apache.pem'
> -----
> problems making Certificate Request
> 32587:error:0D07A098:asn1 encoding routines:ASN1_mbstring_copy:string too short:a_mbstr.c:147:minsize=1
> dpkg: error processing apache-ssl (--configure):
> subprocess post-installation script returned error exit status 1
> Errors were encountered while processing:
> apache-ssl
> E: Sub-process /usr/bin/dpkg returned an error code (1)

And if you then try again "apt-get install apache-ssl" you will get (the
message of my first report):

> Setting up apache-ssl (1.3.29.0.1-3) ...
> Starting web server: apache-sslProcessing config directory: /etc/apache-ssl/conf.d
> failed
> invoke-rc.d: initscript apache-ssl, action "start" failed.
> dpkg: error processing apache-ssl (--configure):
> subprocess post-installation script returned error exit status 1
> Errors were encountered while processing:
> apache-ssl
> E: Sub-process /usr/bin/dpkg returned an error code (1)

So if left a field empty in the dialog for the creation of a certificate
a corrupted "apache.pem" will be created:

> ---- /var/log/apache-ssl/error.log ----
> [Sun Jan 25 14:16:40 2004] [crit] Error reading server certificate file /etc/apache-ssl/apache.pem
> [Sun Jan 25 14:16:40 2004] [crit] error:0906D06C:PEM routines:PEM_read_bio:no start line
> -------------- 8< ---------------------

and then on the second "apt-get install apache-ssl" the postinstall
script just checks if there is a /etc/apache-ssl/apache.pem, and yes
there is one, but one that is *corrupted*. So it will try to start
apache-ssl, but it won't (see error.log)

So maybe its a good thing to say in the dialog to fill out *every* field
or to check if the apache.pem is correct and working.

Greetings
Michael

--------------enig6907E0AD6CB8B8607F1CF891
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAE8RibazMvfZGxKIRAs6RAJ0dU++0Dx3GtzskhZ0T4QX7TTsi9gCff8dT
hBl+Q4ONZt3tqKRuv0dSUUc=
=FwNA
-----END PGP SIGNATURE----...

Message-ID: <email address hidden>
Date: Sun, 25 Jan 2004 15:18:51 +0100 (CET)
From: Fabio Massimo Di Nitto <email address hidden>
To: Michael Kebe <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#229505: apache-ssl: post-installation script fails

Hi Michael,
 this was a bug in ssl-cert that has been fixed in sid already and
it should enter testing in a couple of days.

Fabio

On Sun, 25 Jan 2004, Michael Kebe wrote:

> Fabio Massimo Di Nitto wrote:
> > Hi,
> > are you running testing? is this a fresh installation or an
> > upgrade?
>
> Yes, I am running testing. I think it was a fresh install, because I
> purge the previous installation...
>
> > Please provide me more information asap.
>
> I found the problem by myself:
>
> If you left one field in the dialog for the certificate empty you will get:
>
> > Setting up apache-ssl (1.3.29.0.1-3) ...
> > Generating a 1024 bit RSA private key
> > ...................++++++
> > .......++++++
> > writing new private key to '/etc/apache-ssl/apache.pem'
> > -----
> > problems making Certificate Request
> > 32587:error:0D07A098:asn1 encoding routines:ASN1_mbstring_copy:string too short:a_mbstr.c:147:minsize=1
> > dpkg: error processing apache-ssl (--configure):
> > subprocess post-installation script returned error exit status 1
> > Errors were encountered while processing:
> > apache-ssl
> > E: Sub-process /usr/bin/dpkg returned an error code (1)
>
> And if you then try again "apt-get install apache-ssl" you will get (the
> message of my first report):
>
> > Setting up apache-ssl (1.3.29.0.1-3) ...
> > Starting web server: apache-sslProcessing config directory: /etc/apache-ssl/conf.d
> > failed
> > invoke-rc.d: initscript apache-ssl, action "start" failed.
> > dpkg: error processing apache-ssl (--configure):
> > subprocess post-installation script returned error exit status 1
> > Errors were encountered while processing:
> > apache-ssl
> > E: Sub-process /usr/bin/dpkg returned an error code (1)
>
>
> So if left a field empty in the dialog for the creation of a certificate
> a corrupted "apache.pem" will be created:
>
> > ---- /var/log/apache-ssl/error.log ----
> > [Sun Jan 25 14:16:40 2004] [crit] Error reading server certificate file /etc/apache-ssl/apache.pem
> > [Sun Jan 25 14:16:40 2004] [crit] error:0906D06C:PEM routines:PEM_read_bio:no start line
> > -------------- 8< ---------------------
>
> and then on the second "apt-get install apache-ssl" the postinstall
> script just checks if there is a /etc/apache-ssl/apache.pem, and yes
> there is one, but one that is *corrupted*. So it will try to start
> apache-ssl, but it won't (see error.log)
>
> So maybe its a good thing to say in the dialog to fill out *every* field
> or to check if the apache.pem is correct and working.
>
> Greetings
> Michael
>

--
Our mission: make IPv6 the default IP protocol
"We are on a mission from God" - Elwood Blues

http://www.itojun.org/paper/itojun-nanog-200210-ipv6isp/mgp00004.html

Message-Id: <E1Ar2Cx-0001rk-00@pollo>
Date: Wed, 11 Feb 2004 16:47:46 -0500
From: Patricio Rojo <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: apache-ssl: It still fails installing if blank is given

Package: apache-ssl
Version: 1.3.29.0.1-5
Severity: normal
Followup-For: Bug #229505

Hi,

   I'm installing apache-ssl for the first time, I'm running unstable.
   I got the same problem reported by Michael, even though it was
supposed to be already fixed on 'sid'... If I left my email blank I
got...

Generating a 1024 bit RSA private key
.........++++++
...........++++++
writing new private key to '/etc/apache-ssl/apache.pem'
-----
problems making Certificate Request
4930:error:0D07A098:asn1 encoding routines:ASN1_mbstring_copy:string too short:a_mbstr.c:147:minsize=1
dpkg: error processing apache-ssl (--configure):
 subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
 apache-ssl
E: Sub-process /usr/bin/dpkg returned an error code (1)

   And then I had to purge the failed installation, start over and
filling in everything I have no further problems...

  Thanks!...

                         Pato

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (990, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.4.24-pcstm1-athlon
Locale: LANG=en_US, LC_CTYPE=en_US

Versions of packages apache-ssl depends on:
ii apache-common 1.3.29.0.1-5 Support files for all Apache webse
ii debconf 1.4.9 Debian configuration management sy
ii dpkg 1.10.18 Package maintenance system for Deb
ii libc6 2.3.2.ds1-11 GNU C Library: Shared libraries an
ii libdb4.2 4.2.52-10 Berkeley v4.2 Database Libraries [
ii libexpat1 1.95.6-6 XML parsing C library - runtime li
ii libkeynote0 2.3-10 Decentralized Trust-Management sys
ii libmagic1 4.07-2 File type determination library us
ii libpam0g 0.76-15 Pluggable Authentication Modules l
ii libssl0.9.7 0.9.7c-5 SSL shared libraries
ii logrotate 3.6.5-2 Log rotation utility
ii mime-support 3.24-1 MIME files 'mime.types' & 'mailcap
ii openssl 0.9.7c-5 Secure Socket Layer (SSL) binary a
ii perl [perl5] 5.8.3-1 Larry Wall's Practical Extraction
ii ssl-cert 1.0-7 Simple debconf wrapper for openssl

-- debconf information excluded

Message-ID: <email address hidden>
Date: Sat, 6 Mar 2004 01:06:19 +0100
From: Paul Slootman <email address hidden>
To: <email address hidden>
Subject: Re: Bug#229505: apache-ssl: post-installation script fails (still)

reopen 229505
thanks

On Sun 25 Jan 2004, Fabio Massimo Di Nitto wrote:

> this was a bug in ssl-cert that has been fixed in sid already and
> it should enter testing in a couple of days.

It's now March, and when doing a fresh install of testing on a box, I
still get this error:

7830:error:0D07A098:asn1 encoding routines:ASM1_mbstring_copy:string too short:a_mbstr.c:147:minsize=1

I left the organisationalUnitName field empty, it doesn't apply.

Versions involved:

apache-ssl 1.3.29.0.1-3
ssl-cert 1.0-7

As it's still not resolved, I'm reopening this bug now.
If it belongs to ssl-cert, fine; reassign (although it's starting to
look like using ssl-cert is a bug in itself, if I look at the open bug
reports there).

Please don't close the bug before it's actually fixed...

Paul Slootman

Message-ID: <email address hidden>
Date: Sat, 6 Mar 2004 09:22:43 +0100 (CET)
From: Fabio Massimo Di Nitto <email address hidden>
To: <email address hidden>, <email address hidden>
Subject: Re: Bug#229505: apache-ssl: post-installation script fails (still)

reassign 229505 ssl-cert
stop

On Sat, 6 Mar 2004, Paul Slootman wrote:

> reopen 229505
> thanks
>
> On Sun 25 Jan 2004, Fabio Massimo Di Nitto wrote:
>
> > this was a bug in ssl-cert that has been fixed in sid already and
> > it should enter testing in a couple of days.
>
> It's now March, and when doing a fresh install of testing on a box, I
> still get this error:
>
> 7830:error:0D07A098:asn1 encoding routines:ASM1_mbstring_copy:string too short:a_mbstr.c:147:minsize=1
>
> I left the organisationalUnitName field empty, it doesn't apply.
>
> Versions involved:
>
> apache-ssl 1.3.29.0.1-3
> ssl-cert 1.0-7
>
> As it's still not resolved, I'm reopening this bug now.
> If it belongs to ssl-cert, fine; reassign (although it's starting to
> look like using ssl-cert is a bug in itself, if I look at the open bug
> reports there).
>
> Please don't close the bug before it's actually fixed...
>
>
> Paul Slootman
>
>
>

--
<user> fajita: step one
<fajita> Whatever the problem, step one is always to look in the error log.
<user> fajita: step two
<fajita> When in danger or in doubt, step two is to scream and shout.

Message-ID: <email address hidden>
Date: Fri, 28 May 2004 17:25:18 +0200 (CEST)
From: Fabio Massimo Di Nitto <email address hidden>
To: <email address hidden>
Subject: ssl-cert needs love

severity 249365 grave
severity 229505 grave
severity 241857 grave
severity 251223 grave
merge 249365 229505 241857 251223
severity 230485 important
reassign 231068 cyrus21-imapd
retitle 231068 dpkg: syntax error: unknown user `cyrus' in statusoverride file
tag 244636 pending
tag 246071 pending
stop

--
<user> fajita: step one
<fajita> Whatever the problem, step one is always to look in the error log.
<user> fajita: step two
<fajita> When in danger or in doubt, step two is to scream and shout.

*** Bug 6774 has been marked as a duplicate of this bug. ***

*** Bug 6795 has been marked as a duplicate of this bug. ***

*** Bug 6810 has been marked as a duplicate of this bug. ***

Message-Id: <email address hidden>
Date: Tue, 29 Jun 2004 12:02:09 -0400
From: Thom May <email address hidden>
To: <email address hidden>
Subject: Bug#229505: fixed in ssl-cert 1.0-8

Source: ssl-cert
Source-Version: 1.0-8

We believe that the bug you reported is fixed in the latest version of
ssl-cert, which is due to be installed in the Debian FTP archive:

ssl-cert_1.0-8.dsc
  to pool/main/s/ssl-cert/ssl-cert_1.0-8.dsc
ssl-cert_1.0-8.tar.gz
  to pool/main/s/ssl-cert/ssl-cert_1.0-8.tar.gz
ssl-cert_1.0-8_all.deb
  to pool/main/s/ssl-cert/ssl-cert_1.0-8_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thom May <email address hidden> (supplier of updated ssl-cert package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 29 Jun 2004 16:39:02 +0100
Source: ssl-cert
Binary: ssl-cert
Architecture: source all
Version: 1.0-8
Distribution: unstable
Urgency: low
Maintainer: Debian Apache Maintainers <email address hidden>
Changed-By: Thom May <email address hidden>
Description:
 ssl-cert - Simple debconf wrapper for openssl
Closes: 229505 241857 244636 246071 249365 251223
Changes:
 ssl-cert (1.0-8) unstable; urgency=low
 .
   * Set a title for Debconf questions.
   * Add Japanese translation by Hideki Yamane. (Closes: #244636)
   * Add Turkish translation by Recai Oktas. (Closes: #246071)
   * All questions must be answered.
     (Closes: #229505, #241857, #249365, #251223)
Files:
 ab0e7ae2d1c3e6d5dea88316f68b9497 1281 utils optional ssl-cert_1.0-8.dsc
 4a643f808a4709673ca1124217459d7b 14012 utils optional ssl-cert_1.0-8.tar.gz
 37efaf1445db516a607b44efabe48b14 6324 utils optional ssl-cert_1.0-8_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iQIVAwUBQOGNRrVnlGdHP376AQKqMQ//RKqbNcsrn6vvDpLcmU/Qa8s99Y68UZ+w
HIPke15e+n95xxXBABppg8kjBbutofJUPWIwbfkfGtHgd/JBV+KYEY/J330TKRAs
PzBFo77QwIwxzAlk0xkpsU4RCvjHROFya0WTiMpal7vWGR7oF7Ig9WxwPzyDv1Xw
0H1Qn9lX6sBjH3/3jr93prVMVx9nhs5Z3y7/Jw8xBdEzQo8yy+OoPnopT3xnU78H
69oFR1SCPR2jPYvaI7zCOulLiWMTBrX117aatkrG6FAwrlMESqSCOdA5MDHEnQvj
DZDy7rOrXlwNHC5+uOVOxK5l86d1AlKmGMu3NzIuACZLebLHpD5i1VenQbaYBYcL
alywnabn/n93SrXKphDNpqY1W6UavYqRrfjAgXGa/JTx5Z+D6upw5Ae/q06gukpR
ZW/2aAXDbAbbhXurLCcEO4bX4+fQ8vI71e/Je7A68oGfBKU7iuBCOXiH63efg1wh
H2F8/ktxhd4AO8Dr2vn1GdC8GRMHgvB+KUdXZU7GW7HpE651Gtewbo8mNG00RpwD
AYw4OnvE4Z5BTIVCALspEYIr0lA8UyLid25UZPKZTOB+8R0BbAV/iH6wVXaza18/
/wSR6vXRaWvfVD20fVAsvoiXeApBjcauLc6o5i0RAD7nMGIk6N4i5j9jbbEmCOro
SPPkNXDwCLM=
=CQf1
-----END PGP SIGNATURE-----

Mailed James to import -8 from sid.

Fixed in Debian in June 2004.