[Bug 1160435] [NEW] Unreadable or symlinked openssl.cnf breaks bind9
Ville Walveranta
ville at walveranta.org
Tue Mar 26 15:37:48 UTC 2013
Public bug reported:
If /etc/ssl/openssl.cnf is unreadable by bind9 process, or is symlinked
from another file (regardless of whether the target is readable by bind9
or not), bind9 will not start.
This is apparently the same issue as what was discussed on the Debian side in 2010:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584911
I have several custom openssl.cnf files, and recently decided to symlink
the 'default' openssl.cnf to one of them (the target is world
readable). On the next reboot bind would not start. With a lot of
digging, much like in the debian ticket I referred to above, I
eventually clued in on the fact that somehow OpenSSL is involved even
though it's not an advertised dependency.
If this can't be corrected (i.e. so that bind would start regardless of
whether openssl.cnf can be accessed), perhaps a more informative error
message could be added. A simple "cannot read openssl.cnf" would have
saved me an hour of debug time.
--
Description: Ubuntu 12.04.2 LTS
Release: 12.04
bind9:
Installed: 1:9.8.1.dfsg.P1-4ubuntu0.5
Candidate: 1:9.8.1.dfsg.P1-4ubuntu0.5
Version table:
*** 1:9.8.1.dfsg.P1-4ubuntu0.5 0
500 http://us.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages
100 /var/lib/dpkg/status
1:9.8.1.dfsg.P1-4 0
500 http://us.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
** Affects: bind9 (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in Ubuntu.
https://bugs.launchpad.net/bugs/1160435
Title:
Unreadable or symlinked openssl.cnf breaks bind9
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1160435/+subscriptions
More information about the Ubuntu-server-bugs
mailing list