New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

openssl_dhparam resource does not set the specified mode if the file already exists #8099

anewb opened this Issue Jan 6, 2019 · 1 comment


None yet
2 participants
Copy link

anewb commented Jan 6, 2019


The openssl_dhparam resource does not honor the specified mode if the file already exists.

Chef Version

Chef Client, version 14.8.12

Platform Version

Ubuntu 18.04.1 LTS

Replication Case

Create a recipe with

openssl_dhparam '/etc/ssl/certs/dhparam.pem' do

and let chef-client run once.

Then change recipe to

openssl_dhparam '/etc/ssl/certs/dhparam.pem' do
  mode '0600'

Chef-client will not change the mode of the file on a subsequent run. I would expect if the mode is specified, it should be set according to specification.
To achieve this, the file ressource should be executed in every case, not just if there is no valid dhparam.pem file. Should be a trivial fix.

Client Output

* openssl_dhparam[/etc/ssl/certs/dhparam.pem] action create (up to date)


This comment has been minimized.

Copy link

dheerajd-msys commented Jan 8, 2019

@anewb, Thank you for pointing this issue. We have got it reproduced and will be working on to fix it soon.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment