From owner-freebsd-bugs@freebsd.org Wed May 20 19:51:59 2020
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 246614] certctl(8) silently overwrites certs with same subjects
Date: Wed, 20 May 2020 19:51:58 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614

            Bug ID: 246614
           Summary: certctl(8) silently overwrites certs with same subjects
           Product: Base System
           Version: 12.1-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: michael.osipov@siemens.com

When additional trusted certificates are added with the same subject instead of
increasing n in .n it does overwrite .0.

Here are two certs with the same subject hash:

subject: CN=Siemens Internet CA V1.0,OU=Copyright (C) Siemens AG 2011 All Rights Reserved,serialNumber=ZZZZZZV0,O=Siemens,C=DE
issuer: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
source: Siemens
subject hash: 8dc03e53
fingerprint (SHA-1): 1C:7D:56:40:9E:CB:A4:96:8B:8F:FF:41:78:31:86:06:DE:DB:05:32
fingerprint (SHA-256): 3E:BF:5F:FE:C5:82:D2:7C:69:3D:1B:C3:01:04:A6:3B:BB:FC:36:52:C7:8A:95:02:7E:91:B7:F8:8D:AC:63:45

subject: CN=Siemens Internet CA V1.0,OU=Copyright (C) Siemens AG 2011 All Rights Reserved,serialNumber=ZZZZZZV0,O=Siemens,C=DE
issuer: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
source: Siemens
subject hash: 8dc03e53
fingerprint (SHA-1): 04:E8:21:81:E0:9E:4E:DC:46:3C:1F:E2:67:41:60:5C:80:E8:18:11
fingerprint (SHA-256): 24:E5:6F:48:60:44:46:D8:A8:37:3B:43:CA:29:D1:A1:C4:97:72:E5:AA:BA:8B:A7:C1:76:62:BD:60:DA:8D:F6
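
The behaviour the report expects, sketched as an added example (not part of the original report and not certctl's own code): a link installer that takes the first free .n suffix for a subject hash instead of always writing .0, and reuses the slot when the same certificate is already present. The helper name install_hashed, the temporary directory and the stand-in file contents are assumptions; the hash 8dc03e53 is the one from the report, and in real use it would come from `openssl x509 -subject_hash -noout`.

```sh
#!/bin/sh
# Added example: collision-safe install of a CA file under <hash>.<n>.
# install_hashed is a hypothetical helper, not part of certctl(8).

# install_hashed SRC HASH DIR
# Links SRC into DIR under HASH.<n> and prints the link name that holds it.
install_hashed() {
    src=$1 hash=$2 dir=$3
    n=0
    # -L also catches dangling symlinks, which -e alone would treat as free.
    while [ -e "$dir/$hash.$n" ] || [ -L "$dir/$hash.$n" ]; do
        # Identical certificate already installed: reuse its slot.
        if cmp -s "$src" "$dir/$hash.$n"; then
            echo "$hash.$n"
            return 0
        fi
        # Different certificate with the same subject hash: try next suffix.
        n=$((n + 1))
    done
    # No -f: never replace an existing entry.
    ln -s "$src" "$dir/$hash.$n" || return 1
    echo "$hash.$n"
}

# Constructed demo: two different stand-in files that share the report's
# subject hash 8dc03e53 (real input would be the two PEM certificates).
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/certs"
    printf 'stand-in for certificate A\n' > "$tmp/a.pem"
    printf 'stand-in for certificate B\n' > "$tmp/b.pem"
    first=$(install_hashed "$tmp/a.pem" 8dc03e53 "$tmp/certs")
    second=$(install_hashed "$tmp/b.pem" 8dc03e53 "$tmp/certs")
    again=$(install_hashed "$tmp/a.pem" 8dc03e53 "$tmp/certs")
    count=$(ls "$tmp/certs" | wc -l | tr -d ' ')
    rm -rf "$tmp"
    echo "$first $second $again $count"
}

demo
```

Comparing file contents with cmp stands in for comparing certificate fingerprints, which is what distinguishes the two certificates in the report.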