Date: Mon, 24 Aug 2020 15:01:08 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 246614] certctl(8) silently overwrites certs with same subjects Message-ID: <bug-246614-227-VS2r9Edo26@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-246614-227@https.bugs.freebsd.org/bugzilla/> References: <bug-246614-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D246614 --- Comment #9 from Michael Osipov <michael.osipov@siemens.com> --- (In reply to Kyle Evans from comment #8) Not even that. The origin c_rehash is not aware of blacklists, only CRLs. So the idea behind a blacklist is that you exclude specific certs from install= ing. This means that if a cert exists in the blackist and in the source, the hash link is never created (or removed) is /etc/ssl/certs. They must be skipped. When the link is established, OpenSSL assumes that you trust that entity. If you don't want to work with blacklists, use CRL. I don't see a reason to co= py with the original name. What benefit should that give? --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-246614-227-VS2r9Edo26>