[Bug 1160435] Re: Unreadable or symlinked openssl.cnf breaks bind9

Robie Basak 1160435 at bugs.launchpad.net
Mon Apr 1 12:20:44 UTC 2013 

Thank you for taking the time to report this bug and helping to make
Ubuntu better.

Thanks for linking to the Debian bug. According to the discussion there,
this is a bug in openssl and not in bind9. It seems likely to me that
this will not get fixed in Ubuntu until it is fixed in Debian.

** Changed in: bind9 (Ubuntu)
       Status: New => Triaged

** Changed in: bind9 (Ubuntu)
   Importance: Undecided => Medium

** Package changed: bind9 (Ubuntu) => openssl (Ubuntu)

** Bug watch added: Debian Bug tracker #584911
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584911

** Also affects: openssl (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584911
   Importance: Unknown
       Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1160435

Title:
  Unreadable or symlinked openssl.cnf breaks bind9

Status in “openssl” package in Ubuntu:
  Triaged
Status in “openssl” package in Debian:
  Unknown

Bug description:
  If /etc/ssl/openssl.cnf is unreadable by bind9 process, or is
  symlinked from another file (regardless of whether the target is
  readable by bind9 or not), bind9 will not start.

  This is apparently the same issue as what was discussed on the Debian side in 2010:
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584911

  I have several custom openssl.cnf files, and recently decided to
  symlink the 'default' openssl.cnf to one of  them (the target is world
  readable).  On the next reboot bind would not start.  With a lot of
  digging, much like in the debian ticket I referred to above, I
  eventually clued in on the fact that somehow OpenSSL is involved even
  though it's not an advertised dependency.

  If this can't be corrected (i.e. so that bind would start regardless
  of whether openssl.cnf can be accessed), perhaps a more informative
  error message could be added.  A simple "cannot read openssl.cnf"
  would have saved me an hour of debug time.

  --

  Description:    Ubuntu 12.04.2 LTS
  Release:        12.04

  bind9:
    Installed: 1:9.8.1.dfsg.P1-4ubuntu0.5
    Candidate: 1:9.8.1.dfsg.P1-4ubuntu0.5
    Version table:
   *** 1:9.8.1.dfsg.P1-4ubuntu0.5 0
          500 http://us.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
          500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages
          100 /var/lib/dpkg/status
       1:9.8.1.dfsg.P1-4 0
          500 http://us.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1160435/+subscriptions

More information about the foundations-bugs mailing list