Bug#1091317: ssl-cert: enable generation of snakeoil for --hostname

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1091317: ssl-cert: enable generation of snakeoil for --hostname
From: Martin-Éric Racine <martin-eric.racine@iki.fi>
Date: Mon, 23 Dec 2024 21:13:51 +0200
Message-id: <[🔎] 173498123152.13996.2666800651041075694.reportbug@p8h61.internal>
Reply-to: Martin-Éric Racine <martin-eric.racine@iki.fi>, 1091317@bugs.debian.org

Package: ssl-cert
Version: 1.1.2
Severity: normal
X-Debbugs-Cc: martin-eric.racine@iki.fi

In its current form, 'make-ssl-cert --force-overwrite generate-default-snakeoil' generates a KEY and PEM pair for 'hostname'.  This produces an invalid certificate if the HTTP server is running on an interface other than the default one. It would therefore be desirable to specify '--hostname foo' to generate the certificate for the correct FQDN.

Thanks!
Martin-Éric

-- System Information:
Debian Release: 12.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-28-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=fi_FI.utf8, LC_CTYPE=fi_FI.utf8 (charmap=UTF-8), LANGUAGE=fi:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ssl-cert depends on:
ii  adduser                3.134
ii  debconf [debconf-2.0]  1.5.82
ii  openssl                3.0.15-1~deb12u1

ssl-cert recommends no packages.

ssl-cert suggests no packages.

-- debconf information:
  make-ssl-cert/altname:
  make-ssl-cert/hostname: localhost
  make-ssl-cert/title:
  make-ssl-cert/vulnerable_prng:

Reply to:

Prev by Date: Re: Questions
Previous by thread: Re: Questions
Index(es):
- Date
- Thread