/etc/ssl/openssl.cnf not the Yuno version?

:uk:/:us: /etc/ssl/openssl.cnf is not the Yunohost’s file

My YunoHost server

Hardware: VPS Kimsufi KS7 (remote)
YunoHost version: 4.3.6
I have access to my server : Through SSH
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : yes?? That’s actually the issue…
If yes, please explain: I don’t know why, can’t remember to have ever touched that, but my /etc/ssl/openssl.cnf seems to be the default distribution version instead of the Yunohost’s supplied version

Description of my issue

I was trying to figure out why http-upload would not work with my Metronome, and digging into it, I figured there was some significant difference between what I have in /etc/ssl/openssl.cnf and even an old version of the file from Yunohost (let alone latest changes in 2020).

So now, here’s what I plan, and what I wonder:
I plan to backup the current file and copy the Yunohost’s version over from the template in /usr/share/yunohost/templates.

Questions:

1.I’m not so expert in ssh/ssl to be sure, so is there any chance I could lose my remote ssh access by messing around with that file?
2.Are there any tweak I need to do from the template, or is it really just a copy of the file?

3.If that file is not what it should, I’m wondering if I have others not matching either that are not checked by moulinette (yunohost tools regen-conf did not catch it). What else could be impacted??

I don’t think, you can copy the file directly. or just use the regen conf feature…

Normally, yunohost tools regen-conf should return each modified files (unless there are some hooks to change the file after an upgrade of this file).

1 Like

Ok, I think I got my answer: if I check
/etc/yunohost/regenconf.yml

/etc/ssl/openssl.cnf is not listed
/usr/share/yunohost/yunohost-config/ssl/yunoCA/openssl.cnf IS listed

The template is not meant to generate the file in /etc.