View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0005072 | unreal | ircd | public | 2018-02-24 17:30 | 2018-03-25 13:24 |
Reporter | Le_Coyote | Assigned To | syzop | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | resolved | Resolution | fixed | ||
Platform | Linux | ||||
Product Version | 4.0.14 | ||||
Target Version | 4.0.18 | ||||
Summary | 0005072: Cannot reload certificates using rehash -ssl or reloadtls | ||||
Description | While that feature seemed to work before, Unreal now seems incapable of reloading just the TLS certificates, whether it's told to by an operator using rehash -ssl, or from the command line with the reloadtls parameter. A full rehash was needed in order to renew the certificate. | ||||
Tags | No tags attached. | ||||
3rd party modules | |||||
|
Do you have any certificate related options in your configuration file(s)? Such as set::ssl::certificate, listen::ssl-options::certificate or any other xx:ssl-options::certificate? If so, could you copy-paste those settings? Were you locally connected as IRC Operator, so were you able to see any warnings/errors, did it just report success? Thanks! |
|
The only ssl settings are listen::options "ssl", and listen::ssl-options "certificate" and "key". The latter two match the path to the certificate and key files, respectively.

There are no errors in the log or in the SNotices, just the expected information:

*** [SSL rehash] Reloading all SSL related data (./unrealircd reloadtls)

But when connecting, the certificate is still the old one. A rehash as a local/remote oper is the only way to load the new certificate.

I've left the server in this "halfway" state, i.e. the new certificate is present in the right path, but not loaded, in case there is anything more you would like me to do in terms of diagnostics. |
|
I see. When you say "A rehash as a local/remote oper is the only way to load the new certificate." do you mean a regular '/REHASH' (not '/REHASH -ssl') does resolve the situation? |
|
Yes, a regular rehash is necessary. '/REHASH -ssl' does not resolve the problem. |
|
Ok, thanks. Yes that gives me enough to duplicate the problem and look into a fix. Will do so later. Thanks for your help :) |
|
https://github.com/unrealircd/unrealircd/commit/9f18118f769d961c2dd6104f5f366bddeec70d77

commit 9f18118f769d961c2dd6104f5f366bddeec70d77
Author: Bram Matthys <[email protected]>
Date: Sun Mar 25 13:22:19 2018 +0200

Fix './unrealircd reloadtls' not reloading certificates/keys if listen::ssl-options, sni::ssl-options or link::outgoing::ssl-options are used. In short: it only reloaded the ones from set::ssl until now. Bug reported by Mr_Smoke (0005072)

I'll clarify in the release notes this also applied to '/rehash -ssl' of course. Thanks for the report! |
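A way to confirm that a certificate reload took effect on every listener, as an added example (not part of the original issue or of UnrealIRCd's code): compare the SHA-256 fingerprint of the certificate each TLS port serves with the certificate file configured for that port. The hostname, ports and paths are constructed, and the sample "certificates" are placeholder bytes rather than real X.509 data.

```python
import base64
import hashlib
import ssl
from pathlib import Path

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

def leaf_fingerprint(pem_text: str) -> str:
    """SHA-256 of the DER bytes of the first certificate in a PEM file or chain."""
    start = pem_text.index(BEGIN) + len(BEGIN)
    body = pem_text[start:pem_text.index(END, start)]
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def stale_listeners(listeners, fetch=ssl.get_server_certificate,
                    read=lambda p: Path(p).read_text()):
    """listeners: {(host, port): certificate_path}. Returns the addresses whose
    served certificate differs from the file the listener is configured with."""
    stale = []
    for addr, cert_path in listeners.items():
        served = leaf_fingerprint(fetch(addr))    # default fetch does a TLS handshake
        on_disk = leaf_fingerprint(read(cert_path))
        if served != on_disk:
            stale.append(addr)
    return stale

# --- constructed sample data (placeholder bytes, not real certificates) ---
def fake_pem(der: bytes) -> str:
    return f"{BEGIN}\n{base64.b64encode(der).decode()}\n{END}\n"

OLD, NEW = fake_pem(b"constructed-old-cert"), fake_pem(b"constructed-new-cert")
DISK = {"/constructed/global.pem": NEW,
        "/constructed/listener-chain.pem": NEW + fake_pem(b"constructed-intermediate")}
# Port 6697 uses the set::ssl certificate and picked up the reload; port 6900
# has its own listen::ssl-options certificate and still serves the old one.
SERVED = {("irc.example.net", 6697): NEW, ("irc.example.net", 6900): OLD}
LISTENERS = {("irc.example.net", 6697): "/constructed/global.pem",
             ("irc.example.net", 6900): "/constructed/listener-chain.pem"}

def demo():
    # Inject the constructed data instead of touching the network or disk.
    return stale_listeners(LISTENERS, fetch=SERVED.__getitem__, read=DISK.__getitem__)

if __name__ == "__main__":
    print("stale listeners:", demo())
```

Against a live server, call `stale_listeners` with only the listener map so that the default `fetch` and `read` are used.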
Date Modified | Username | Field | Change |
---|---|---|---|
2018-02-24 17:30 | Le_Coyote | New Issue | |
2018-03-07 10:46 | syzop | Note Added: 0020041 | |
2018-03-07 10:46 | syzop | Assigned To | => syzop |
2018-03-07 10:46 | syzop | Status | new => feedback |
2018-03-07 10:46 | syzop | Note Edited: 0020041 | |
2018-03-07 10:47 | syzop | Severity | minor => major |
2018-03-07 17:12 | Le_Coyote | Note Added: 0020043 | |
2018-03-07 17:47 | syzop | Note Added: 0020044 | |
2018-03-07 17:48 | Le_Coyote | Note Added: 0020045 | |
2018-03-08 09:30 | syzop | Note Added: 0020046 | |
2018-03-08 09:30 | syzop | Status | feedback => acknowledged |
2018-03-25 13:24 | syzop | Status | acknowledged => resolved |
2018-03-25 13:24 | syzop | Resolution | open => fixed |
2018-03-25 13:24 | syzop | Note Added: 0020068 | |
2018-03-25 13:24 | syzop | Target Version | => 4.0.18 |