Date: Mon, 24 Aug 2020 15:49:37 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 246614] certctl(8) silently overwrites certs with same subjects Message-ID: <bug-246614-227-TFcPWS7DOr@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-246614-227@https.bugs.freebsd.org/bugzilla/> References: <bug-246614-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D246614 --- Comment #11 from Michael Osipov <michael.osipov@siemens.com> --- (In reply to Kyle Evans from comment #10) Correct. I would start populate blacklist first and then generate links. Ca= re must be taken if <digit> diverge, say you have n certs in blacklist with the same subject hash, great care must be taken when creating links that the correct certs is excluded from linking (https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_load_verify_locations.h= tml). I think the general approach is to calculate a hash on the ASN.1 DER-encoded form of the ticket which will be truly unique. --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-246614-227-TFcPWS7DOr>