[cups.general] (report possible bug?) cups should behave reasonable without a certificate

Zhang Weiwu zhangweiwu at realss.com
Mon Dec 25 18:36:58 PST 2006


I just upgraded cups to 1.2.6 on a Gentoo Linux box on Ultrasparc. With
the default configuration, if someone tries to access port 631 with the
'https' protocol (not sure whether TLS or SSL causes the trouble), then
cupsd will stop functioning: no page displayed, timeout, even trying to
connect again with http (no TLS/SSL) still gets a timeout, killing the
cupsd process with TERM doesn't work, killing it with the KILL signal works.

I know I should have configured a certificate before using https, so I
did. After the certificate and key files are correctly configured,
accessing with https is OK.

This might present a possible bug: if someone sets up cups and does not
set up TLS/SSL for it, this cups server is vulnerable to a very simple
attack: making an https connection to it can stop the print service.

If this is expected (cups does not work without SSL) then I guess we
can deliver packages with a default SSL certificate. Such an SSL
certificate is not secure, but it prevents the cups daemon from being
attacked by a very simple attack like the one described above. Or perhaps
most users do not suffer from this problem because in other OSs the
package is by default SSL-not-compiled-in?

My compile config includes jpeg, nls, pam, png, ppd, slp, ssl, tiff
support.

sappho ~ # emerge -pv cups

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild   R   ] net-print/cups-1.2.6  USE="jpeg nls pam png ppds slp ssl tiff -X -dbus -php -samba" 0 kB

Total size of downloads: 0 kB

sappho ~ # uname -a
Linux sappho.realss.com 2.6.18-gentoo-r3 #21 Thu Dec 21 10:12:23 HKT 2006 sparc64 sun4u TI UltraSparc IIi (Sabre) GNU/Linux
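
Added example, not part of the original post and not CUPS project code: a pre-flight check for the state the report describes, where cups is built with the ssl USE flag but no certificate or key file is in place. The function names, the sample cupsd.conf fragment and the default paths for the ServerCertificate and ServerKey directives are assumptions of this example.

```python
import re

# Assumed CUPS 1.x defaults used when cupsd.conf does not set the directives.
DEFAULTS = {"servercertificate": "/etc/cups/ssl/server.crt",
            "serverkey": "/etc/cups/ssl/server.key"}

def ssl_use_enabled(emerge_output):
    """True if the USE="..." list in `emerge -pv cups` output enables ssl."""
    text = " ".join(emerge_output.split())          # undo mail line wrapping
    m = re.search(r'net-print/cups-\S+\s+USE="([^"]*)"', text)
    if not m:
        return False
    flags = [f.rstrip("%*") for f in m.group(1).split()]
    return "ssl" in flags                           # "-ssl" means disabled

def tls_paths(conf_text):
    """Return the certificate and key paths that cupsd.conf selects."""
    paths = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):        # skip blanks and comments
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() in paths:
            paths[parts[0].lower()] = parts[1].strip()
    return paths

def audit(emerge_output, conf_text, file_exists):
    """List files that an ssl-enabled cupsd expects but cannot find."""
    if not ssl_use_enabled(emerge_output):
        return []
    return [f"{name}: {path} is missing"
            for name, path in sorted(tls_paths(conf_text).items())
            if not file_exists(path)]

# Sample input: USE line taken from the post, config fragment constructed.
SAMPLE_EMERGE = '''[ebuild   R   ] net-print/cups-1.2.6  USE="jpeg nls pam png ppds slp ssl
tiff -X -dbus -php -samba" 0 kB'''
SAMPLE_CONF = """# constructed cupsd.conf fragment
Listen 631
ServerCertificate /etc/cups/ssl/print.crt
"""

if __name__ == "__main__":
    present = {"/etc/cups/ssl/print.crt"}           # pretend only the cert exists
    for finding in audit(SAMPLE_EMERGE, SAMPLE_CONF, present.__contains__):
        print(finding)
```

On a live host, pass os.path.isfile as file_exists and feed in the real emerge output and /etc/cups/cupsd.conf contents.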






