Date: Mon, 24 Aug 2020 07:57:56 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 246614] certctl(8) silently overwrites certs with same subjects Message-ID: <bug-246614-227-iHOHL4trFN@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-246614-227@https.bugs.freebsd.org/bugzilla/> References: <bug-246614-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D246614 --- Comment #6 from Michael Osipov <michael.osipov@siemens.com> --- Went through the given diff, there are still issues with it: * serial should be turned into decimal to avoid confusion * create_blacklisted() is completely ill-designed for several reasons: ** When processing all links must be purged first ** Blacklisted certs should not be linked at all ** using <hash>.r<digit> is wrong because the r suffix is solely reserved f= or CRLs. Look into c_rehash: elsif($hdr eq "X509 CRL") {$is_crl =3D 1;..} BUT the rehashing does work: > root@deblndw011x:/etc/ssl/certs > # ll | grep 8dc03e53 > lrwxr-xr-x 1 root wheel 52 2020-08-24 09:54 8dc03e53.0@ -> ../../../us= r/local/etc/ssl/certs/siemens-cert-14.crt > lrwxr-xr-x 1 root wheel 52 2020-08-24 09:54 8dc03e53.1@ -> ../../../us= r/local/etc/ssl/certs/siemens-cert-15.crt > root@deblndw011x:/etc/ssl/certs > # certctl list | grep "Siemens Internet CA V1.0" > 8dc03e53.0 Siemens Internet CA V1.0 --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-246614-227-iHOHL4trFN>