335077 – mail-mta/netqmail-1.06: mkservercert -nodes switch contradicts encrypt_key in servercert.cnf

Bug 335077 - mail-mta/netqmail-1.06: mkservercert -nodes switch contradicts encrypt_key in servercert.cnf

Summary: mail-mta/netqmail-1.06: mkservercert -nodes switch contradicts encrypt_key in...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Server (show other bugs)
Hardware:	All Linux

Importance:	High trivial
Assignee:	Qmail Team (OBSOLETE)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2010-08-29 02:29 UTC by Bryan Parker
Modified:	2013-05-27 00:46 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Bryan Parker 2010-08-29 02:29:50 UTC

Lines 47-48 of /var/qmail/bin/mkservercert:
/usr/bin/openssl req -new -x509 -days ${days} -nodes \
        -config ${conffile} -out $pemfile -keyout $pemfile -rand ${randfile} || cleanup

Line 9 of /var/qmail/control/servercert.cnf:
encrypt_key = yes

OpenSSL documentation of encrypt_key:
"If this is set to no then if a private key is generated it is not encrypted. This is equivalent to the -nodes command line option."

My intent of this bug report is to inquire why encrypt_key = yes is in servercert.cnf, yet why mkservercert uses the -nodes switch to contradict the option.

Reproducible: Always

Steps to Reproduce:
1. Run /var/qmail/control/servercert.cnf
Actual Results:  
Key is not encrypted.

Expected Results:  
Key is not encrypted.

Comment 1 Bryan Parker 2010-08-29 02:37:12 UTC

Apologies, step to reproduce should have been "Run /var/qmail/bin/mkservercert"

Comment 2 Robin Johnson archtester

2013-05-27 00:46:16 UTC

InCVS.