The debian site config for ssl has this snippet:
# A self-signed (snakeoil) certificate can be created by installing # the ssl-cert package. See # /usr/share/doc/apache2/README.Debian.gz for more info. # If both key and certificate are stored in the same file, only the # SSLCertificateFile directive is needed. SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
set_directive makes it into this:
# If both key and certificate are stored in the same file, only the SSLCertificateFile /var/lib/ipa/certs/httpd.crt SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /var/lib/ipa/private/httpd.key
which breaks the config.
Metadata Update from @rcritten: - Issue assigned to rcritten
I haven't been able to replicate this with a simple unit test:
from ipaserver.install import installutils installutils.set_directive('test.conf', 'SSLCertificateFile', '/somewhere/kewl', False)
It produces the expected output with just one SSLCertificateFile
here's the full file <img alt="default-ssl.conf" src="/freeipa/issue/raw/files/59eb1ae4daf5ce76a33c26c4af60dabab95311395d03c8f8c45c9515c1e65afe-default-ssl.conf" />
I can duplicate it using the whole file and not just a small snippet.
The problem is that the line matcher looks for directive + separator. separator in this case is space.
This file uses tabs as separator in some places so it doesn't find a match.
IIRC the reason for adding the separator to the mix is to be able to match an entire directive and not just the prefix of one.
https://github.com/freeipa/freeipa/pull/1805
Metadata Update from @stlaz: - Issue set to the milestone: FreeIPA 4.7
Metadata Update from @stlaz: - Issue priority set to: important
master:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.