Date: Mon, 24 Aug 2020 07:57:56 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 246614] certctl(8) silently overwrites certs with same subjects Message-ID: <bug-246614-227-iHOHL4trFN@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-246614-227@https.bugs.freebsd.org/bugzilla/> References: <bug-246614-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614 --- Comment #6 from Michael Osipov <michael.osipov@siemens.com> --- Went through the given diff, there are still issues with it: * serial should be turned into decimal to avoid confusion * create_blacklisted() is completely ill-designed for several reasons: ** When processing all links must be purged first ** Blacklisted certs should not be linked at all ** using <hash>.r<digit> is wrong because the r suffix is solely reserved for CRLs. Look into c_rehash: elsif($hdr eq "X509 CRL") {$is_crl = 1;..} BUT the rehashing does work: > root@deblndw011x:/etc/ssl/certs > # ll | grep 8dc03e53 > lrwxr-xr-x 1 root wheel 52 2020-08-24 09:54 8dc03e53.0@ -> ../../../usr/local/etc/ssl/certs/siemens-cert-14.crt > lrwxr-xr-x 1 root wheel 52 2020-08-24 09:54 8dc03e53.1@ -> ../../../usr/local/etc/ssl/certs/siemens-cert-15.crt > root@deblndw011x:/etc/ssl/certs > # certctl list | grep "Siemens Internet CA V1.0" > 8dc03e53.0 Siemens Internet CA V1.0 -- You are receiving this mail because: You are on the CC list for the bug.help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-246614-227-iHOHL4trFN>