Printer SSL certificates are added but never removed, resulting in "no suitable destination host found by cups-browsed"
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cups (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
If a printer preferrably prints through ipps, Cups will store the printers (self signed) certificate in /etc/cups/ssl/
However, if this certificate becomes outdated or invalid, or if it changes, it will *not be removed* and Cups only complains that the "backend returned status 4", "No suitable destination host found by cups-browsed". Even removing the printer manually will not remove the old certificate, rendering the printer invalid for life: when te printer re-appears, the old, invalid certificate is still there, resulting in the printer still not working.
Steps to reproduce:
- use a printer that prefers ipps, let's call it printer_bob
- let this printer appear in your printer list
- make a test print
- Now remove the printer and check that the certificate will survive:
lpadmin -x printer_bob; ls -al /etc/cups/
What happens:
- certificate is still there
What should happen:
- a removed printer should not have a certificate left
Now in this example, it's rather harmless because the certificate is probably still valid. But a printer update, rename or otherwise will render it invalid and printing will become impossible.
You could simulate a name change for printers:
mv /etc/cups/
Or simply mess up the certificate:
sed -i '2s/./a/g' /etc/cups/
After this, you will *not* be able to print to printer-bob, because bob has the wrong certificate (obviously). Removing printer-bob does not help. You will need to manually remove the certificate in order to make bob print again. /var/log/
summary: |
- Printer SSL certificates are added but never removed, resulting in non - working printers + Printer SSL certificates are added but never removed, resulting in "no + suitable destination host found by cups-browsed" |