Description of problem: The default permissions of generated SSL certificate/key do not make sense, because prosody drops root privilege very soon (if it's running under these permissions at all). Thus the SSL certificate/key can not be read by default. Default permission is root:root and 700 for both SSL certificate and key. Version-Release number of selected component (if applicable): prosody-0.8.2-5.el6.x86_64 How reproducible: Everytime, just set up a plain prosody and have a look for SSL/TLS issues. Actual results: Default permissions of generated SSL certificate/key do not make sense Expected results: More wise file permissions for generated SSL certificate/key in the future. Additional info: This issue affects all Fedora and EPEL branches! Please apply the attached patch or better.
Created attachment 738715 [details] Patch suggestion for prosody.spec to solve SSL cert/key issue
Thanks for your report and your patch :) Just a note about the modified openssl command, this was discussed during package review, and decision has been make to let openssl defaults do their job (see https://bugzilla.redhat.com/show_bug.cgi?id=551765#c28 and others); so I'll not change that one.
Ah! Good to know. Then skip that part.
prosody-0.8.2-8.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/prosody-0.8.2-8.fc18
prosody-0.8.2-6.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/prosody-0.8.2-6.el6
prosody-0.8.2-6.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/prosody-0.8.2-6.fc17
prosody-0.8.2-9.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/prosody-0.8.2-9.el5
prosody-0.8.2-9.el5 has been pushed to the Fedora EPEL 5 testing repository.
prosody-0.8.2-9.el5 has been pushed to the Fedora EPEL 5 stable repository.
prosody-0.8.2-6.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
prosody-0.8.2-8.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
prosody-0.8.2-6.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.