Red Hat Bugzilla – Bug 845942
genkey should work without mod_ssl and mod_nss
Last modified: 2014-02-25 02:53:20 EST
+++ This bug was initially created as a clone of Bug #845940 +++
Description of problem:
crypto-utils has a missing dependancy on mod_ssl and fails to run.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. remove mod_ssl if already installed
2. install crypto-utils
3. run "genkey -days 1 localhost"
¦ package mod_ssl is not installed ¦
¦ It is required to generate this type ¦
¦ of CSRs or certsfor this host: ¦
¦ Press return to exit ¦
¦ +-------+ ¦
¦ ¦ Close ¦ ¦
genkey creates a certificate
simply add mod_ssl as a dependency. This also affects Fedora 17
This message is a reminder that Fedora 16 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 16. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora
'version' of '16'.
Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version prior to Fedora 16's end of life.
Bug Reporter: Thank you for reporting this issue and we are sorry that
we may not be able to fix it before Fedora 16 is end of life. If you
would still like to see this bug fixed and are able to reproduce it
against a later version of Fedora, you are encouraged to click on
"Clone This Bug" and open it against that version of Fedora.
Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.
The process we are following is described here:
Switching Version to Rawhide to prevent this bug from getting closed with F16 EOF.
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.
(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)
More information and reason for this action is here:
The bug is still here in F19. It is not possible to use genkey tool from crypto-utils without installing Apache web-server. Which is rather common use case, since there are a lot of nginx installations which don't need httpd.
The "port" of crypto-utils to use NSS exclusively for its cryptography as part of the old crypto consolidation effort. Please see
where you can see in the the entry for crypto-utils "openssl or nss selectable via command line option". The goal of using nss exclusively for the crypto services was accomplished but since it's meant to support both mod_nss and the mod_ssl, it consequently needs openssl.
Perhaps the tools should have been split into two, one for mod_ssl (openssl) and one for mod_nss (nss) instead of the rather complex perl script it has that tries to do it both ways. In addition to having two tools, creating two separate packages, each with it own requirements, would have made things a lot cleaner.
As implemented, one package/tool to support both use cases, crypto-utils.spec needs a Requires: openssl.
I think 'Requires: mod_ssl' is better than 'Requires: openssl'.
There is actually no reason that the package should "Requires: mod_ssl", nor mod_nss. The package should work correctly without either package installed. Checking for presence of mod_nss in genkey *iff --nss is specified* is fine but there is no need to check for mod_ssl AFAICT.
I will leave this bug open to the underlying issue, that genkey should work without mod_ssl installed.
Fixed in updates.
Closed in error.
crypto-utils-2.4.1-52.fc20 has been submitted as an update for Fedora 20.
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing crypto-utils-2.4.1-52.fc20'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
crypto-utils-2.4.1-52.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.