Package: dnssec-trigger
Version: 0.15+repack-1
Followup-For: Bug #898969
Control: retitle -1 dnssec-trigger: fails with OpenSSL 1.1.1 due to too-small key and unknown ca
Control: severity -1 serious 

If I delete the existing keys and recreate them with
dnssec-trigger-control-setup (since dnssec-triggerd-keygen is broken) and
restart dnssec-triggerd, I get an error repeating over and over again:

error: remote control failed ssl crypto error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca

I realised this is because of my existing dnssec-trigger-panel process.

I also noticed that the unbound TLS key is also insecure and needs to
be replaced too, otherwise dnssec-triggerd cannot control unbound to add
forwarders and make other changes.

-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dnssec-trigger depends on:
ii  gir1.2-nm-1.0       1.12.2-3
ii  libc6               2.27-6
ii  libgdk-pixbuf2.0-0  2.36.12-2
ii  libglib2.0-0        2.58.0-3
ii  libgtk2.0-0         2.24.32-3
ii  libldns2            1.7.0-3+b2
ii  libssl1.1           1.1.1-1
ii  python3             3.6.5-3
ii  python3-gi          3.28.3-1
ii  python3-lockfile    1:0.12.2-2
ii  unbound             1.7.3-1

dnssec-trigger recommends no packages.

dnssec-trigger suggests no packages.

-- no debconf information

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
