On Mon, Jun 07, 2021 at 11:00:42PM +0200, Vladimir Tiukhtin wrote:
> I use "ca-certs" to supply additional certificates. With just one certificate
> everything works as expected, however when provided more than one, cloud-init
> adds them into a single file which causes "openssl rehash" to fail as it
> expects exactly one certificate per file.
> As the result programmes using openssl do not trust certificates issued by
> provided CAs.

The certificates do still get added to /etc/ssl/certs/ca-certificates.crt,
so you should still be able to do file-based verification even if
path-based verification doesn't work. (See
https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_default_verify_file.html
and the -CApath and -CAfile options to "openssl verify")

> The bug is confirmed on Hetzner Cloud. I did not try other clouds

There's nothing provider specific about this functionality, so it will
impact people regardless of where cloud-init is running.

I've forwarded your report upstream. See
https://bugs.launchpad.net/cloud-init/+bug/1931174

noah
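An added example, not part of the original thread and not cloud-init code: a Python check that flags files in a certificate directory holding more than one PEM certificate (the condition reported above) and splits such a bundle into one certificate per file. The function names, the output file naming and the sample data are assumptions made for illustration; the directory to scan is supplied by the caller.

```python
import re
import tempfile
from pathlib import Path

# Matches one PEM-armoured certificate block (body is not decoded or validated).
PEM_CERT = re.compile(
    rb"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL
)


def find_multi_cert_files(cert_dir):
    """Map each regular file holding more than one certificate to its count."""
    found = {}
    for path in sorted(Path(cert_dir).iterdir()):
        if path.is_symlink() or not path.is_file():
            continue  # skip hash symlinks and subdirectories
        count = len(PEM_CERT.findall(path.read_bytes()))
        if count > 1:
            found[path.name] = count
    return found


def split_bundle(bundle, out_dir):
    """Write every certificate in `bundle` to its own file in `out_dir`."""
    bundle, out_dir = Path(bundle), Path(out_dir)
    written = []
    for i, block in enumerate(PEM_CERT.findall(bundle.read_bytes()), start=1):
        target = out_dir / f"{bundle.stem}-{i}.crt"  # hypothetical naming scheme
        target.write_bytes(block + b"\n")
        written.append(target)
    return written


def demo():
    """Run both helpers on a constructed bundle (placeholder bodies, not real certs)."""
    fake = [b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ%d\n"
            b"-----END CERTIFICATE-----\n" % n for n in (1, 2)]
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "src"), Path(tmp, "dst")
        src.mkdir()
        dst.mkdir()
        (src / "bundle.crt").write_bytes(b"".join(fake))
        (src / "single.crt").write_bytes(fake[0])
        flagged = find_multi_cert_files(src)
        parts = split_bundle(src / "bundle.crt", dst)
        return flagged, [p.name for p in parts], find_multi_cert_files(dst)


if __name__ == "__main__":
    print(demo())
```

After splitting, "openssl rehash" can be run again on the directory that holds the single-certificate files.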
