[cups-devel] 2.x: Server{Certificate, Key} in cups-files.conf not considered?
Peter Mattern
matternp at arcor.de
Mon Dec 8 06:50:37 PST 2014
Am 05.12.2014 um 18:28 schrieb Michael Sweet:
> Do you mean that CUPS is rejecting a connection if you connect using a
> hostname different from ServerName, or ???
No, of course not. The setting is like so: Linux hosts, with regards to
DNS only the hostname itself is set at host level (/etc/hostname), any
assignment of FQDNs is done by DNS servers.
Say a host foo is listening on an external interface that was assigned
foo.example.org. Then CUPS will accept connections
http[s]://foo.example.org:631 as long as ServerName isn't set at all.
But it will stop accepting those connections and sent "Bad Request"
instead once there's an entry "ServerName foo.example.org".
Nothing similar can be seen with ServerAlias which behaves as expected.
With regards to the certificate topic one more thing came to my mind:
The changes in 2.x involve that certificates' and keys' filenames are no
longer arbitrary, but always chosen according to FQDNs as stated by
requests. This seems to be missing in the documentation.
I think it would pretty much ease understanding those changes if this
detail was mentioned somewhere, e. g. in man cups-files.conf, section
ServerKeychain. (I'd even be willing to write this if desired, but I
fear my English isn't suitable to do so...)
More information about the cups
mailing list