Date: Thu, 21 May 2020 19:11:42 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 246614] certctl(8) silently overwrites certs with same subjects Message-ID: <bug-246614-227-a9dU1J1K57@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-246614-227@https.bugs.freebsd.org/bugzilla/> References: <bug-246614-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D246614 --- Comment #2 from Michael Osipov <michael.osipov@siemens.com> --- There are several issues with the patch: * The term "serial" is already taken: by the serial number embedded in the = cert as well as serialNumber as part of the DN. c_rehash talks about decimal dig= it. Maybe "get_decimal" is maybe better? * While links are created correctly as it seems: > Reading siemens-cert-14.crt > Adding 8dc03e53.0 to trust store > Reading siemens-cert-15.crt > Adding 8dc03e53.1 to trust store * 'certctl list' does not show any of them because of: > for CFILE in *.0; do You likely will need to add *.1, *.2, ..., *.9 * There is another conceptional issue: *.n is only for the hashed links, no= t fo scanning, see https://www.openssl.org/docs/man1.1.1/man1/c_rehash.html. * Please also note that the hashed links for CRLs need to be in <hash>.r<D> --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-246614-227-a9dU1J1K57>