vsftp has a bug with Fedora 32 – how do I report it: 500 OOPS: SSL: cannot load RSA private key vsftpd

Richard T asked:

Just to be clear, this is as of Fedora 32, and vsftpd-3.0.3-36.fc32.x86_64 for vsftpd.

This is NOT the same problem as previously was reported here, but it has the same outward appearance and, indeed, the answer(s) there were helpful in my figuring out there are bugs worthy of reporting which I haven’t yet figured out how to report yet, which is the main question being asked as I’ve spent more than a day on this I should not have had to spend.

While I here describe how to get it to work, and while if "the powers that be" described this, all this would be unnecessary, I think this is more than just a "documentation bug", as it wastes substantial time and the developers and people responsible for the package need to address this, though surely better documentation would help considerably. (THIS WOULD EASILY BE THREE different "questions" here, so I hope the mods don’t push this out somehow as sometimes happens.)

Put most simply, while available online evidence says that if you have OpenSSL already installed, you don’t need to bother with configuring any of the SSL configuration options, that’s just simply false. And secondly, the lack of anything telling us something differently implies we can use our existing keys, and that’s simply false also. Additionally the location the vsftp software is looking is also "wrong." And, finally, the error messages are entirely unhelpful while they could be directing us directly to the problem(s). (Notably, adding debug_ssl=YES was useless when it could have been invaluable at saving hours – maybe it doesn’t even exist any more though you can find recommendations for using it in web searches.)

The three key problems with the default installation at this time are:

  1. If you want encryption, you MUST configure the SSL options, reasonably described here. And;

  2. You need to make the keys differently. What worked for me was making the key as 2048 instead of 1024, but NOWHERE does it tell you this. I only found it from the above cited link to another stack-overflow article. (Thanks team!) And;

  3. The distribution of these two packages – Fedora Server 32 and vsftp – disagree about where the files belong and you must adjust the vsftp package or make your own plans. The vsftp package looks here: /usr/share/ssl/certs while the normal places on this distribution are here: /etc/pki/tls/ and here: /etc/pki/tls/private

SO MY QUESTION IS: How do I report this, so that these packages better match one another and we don’t waste all our time on this?

Meanwhile, here are some other helpful bits:

Fix the key problem by making a new one – as in this example:

openssl req -x509 -nodes -days 720 -newkey rsa:2048 -keyout vsftpd.key -out /../vsftpd.pem

Fix the "pointer" problem by adding directives similar to these to your /etc/vsftpd/vsftpd.conf file:


Help improving these packages by helping in reporting these bugs is very much appreciated. Honestly, I spent a lot of time looking and not finding out where to report these; maybe a competent response here can help with more than reporting on just this package?

My answer:

You report bugs in Fedora in the same place as for the entire 17 years of its existence: in Red Hat Bugzilla. See How to file a bug in the Fedora documentation for further details.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.