[SOLVED] broken CUPS on 15.0 and -current: certificate creation fails (bug?), Cups crashes
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
broken CUPS on 15.0 and -current: certificate creation fails (bug?), Cups crashes
Hi,
my CUPS setup once worked fine and broke. It's on arm, but I was able to reproduce the error on x64, both 15.0 and a fresh installed -current.
Here's what's happening:
when connecting to the cups interface via HTTPS, remotely or on the localhost, the cups process dies. Connecting via plain HTTP causes no issue. Since CUPS redirects you to https in the admin-parts of the WebUI, it becomes impossible to manage.
On a side note: CUPS generates its own certificates, but this doesn't work, too. I have to set "ServerKeychain /etc/cups/ssl" explicitly in /etc/cups/cups-files.conf, although it is supposed to be the default value.
Steps to reproduce:
1) Install slackware and upgrade if necessary
2) chmod +x /etc/rc.d/rc.cups
3) set "LogLevel debug2" in /etc/cups/cupsd.conf
4) /etc/rc.d/rc.cups start
5) lynx https://localhost:631
6) see /var/log/cups/error_log and uncomment "ServerKeychain ssl" in /etc/cups/cups-files.conf (or the full path)
7) Restart cups, repeat 5) and press "y" when asked to accept the self-signed cert (twice)
8) see cert+key get created in /etc/cups/ssl and check if cups has crashed. Try some more https connections to make it crash
I hope someone will be able to reproduce the problem, I'm stuck
that's probably because your browser redirects you to https by default (it's a feature found in all modern browser to eliminate http:// usage).
try to enter http protocol to gain access to CUPS web-based interface
Hi willysr,
thanks for taking the time to reply.
I'm afraid this isn't a client problem and my browser doesn't use https automatically. As I wrote in my initial post, connecting via http only works fine.
Unfortunately that's no solution as some pages in the UI require https and I can't disable it completely, so any https connection will kill the server process.
I've put an nginx proxy to do the ssl stuff now, I couldn't find any other way to keep cupsd from crashing. In the default configuration cups can't create its self signed certs, so it can never be accessed via https and so it never crashes, I suppose. This may be okay when it's local only and never accessed via network.
I don't know if y'all tried to reproduce it with a clean install including latest, but if so: please leave a short message even if you couldn't reproduce the error :-)
I've noticed this recently as well. Browsing the web UI works OK over HTTP, but when it redirects to HTTPS for the Administration page, cupsd crashes from a segfault. I have a manually-generated self-signed certificate configured for CUPS. Some googling found issue #409 on the OpenPrinting/cups Github site. I haven't noticed crashes due to print jobs, but the underlying cause there is an interaction with OpenSSL that seems likely to also be relevant to this problem. I reverted my cups package from the 2.4.2 version that's currently in /patches/ to the 2.3.3op2 version from the 15.0 release. The older version does not have a problem with HTTPS. It appears to be using GnuTLS instead of OpenSSL.
Thanks for the confirmation!
I've found some time to test the patch from cups' github repo and this fixes the crashes. I mailed a bug report to PV, hope he'll fix the package.
It sounds like the openssl option they added for 2.4.x is buggy. Perhaps Pat would consider just using gnutls until they work things out.
I spent a bit of time trying to get cups working with a cert issued by a two tier CA on my slackware 15 box. Finally saw the issue below after noticing this post and the other CUPS issue link posted, which told me its not going to work currently with their openssl implementation. It does work with the gnutl option in cups 2.3.3op2.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.