From nobody Wed Feb 01 00:54:38 2023 X-Original-To: bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4P63NH1B9Kz3bJT3 for ; Wed, 1 Feb 2023 00:54:39 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4P63NG6sMcz47bR for ; Wed, 1 Feb 2023 00:54:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1675212879; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=YdOcFa9qdSwVOHIEz9W+ZEGJAwAliMYfdhp/+YNXGLg=; b=xXcrlKjQ9rutjrR9XzRXLoh325JnQ6O825cBHmk7p6QNsU3FjUhU7w/+3DkbG6KdPSt2ac pp6mqv/kZQEgrTYIVT7XAetyKT/JFwhU1fdmmxXtQ7tZfCHSUI5i5zZDv1G7rmgtkUPkod m0TpA/L2uGDqN0klrrGorqlKNDNZoXEdfuF1pKL2zknBnwgJXFoBFwVe1Onlm4cSw4YxBD r3tKZ7BaMKDm8Vm6QtFTeKRua8zKjT0eunzJCTrm8+/dStqjCik7He0I30PbEQpurZa29P tvVlQvFGA/DPGk2NjNLAR2KDfW6+G6EUXCKcK3GMdvUrBELEHeq3UY9AVUlZXA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1675212879; a=rsa-sha256; cv=none; b=jgN7D9ARhC2npbDbd/4SepWjLN5Q31tOFFppBsSf1mgZZChV6Qxv23/xXzcB2A1Htw5S/b PYM3Wn95WcWq0cGtwYfxjoX+/huMkmX+W8E5a1Ga66jlKbKTo3cSDFwJCUcc4MaBRb34PY 3o7dpNE8XUKaWAxKV0qxJW0NVR9mIfNH3K6oiVrkRzP9rbOm2u4clwyqd1e0qOFBZNxRoV 1A8lC5etF3ltSwQc5pJJMUVHj0OQBVUJgriPntBVar6v2EDHg0sD9lY3akmX8KStKsM0X5 8hXVGbzz4sEAdW9gqiu2H8R98ZHfaC4TPz7yTjWrdc8Ct+FubhkKHZ6WtZfnMw== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4P63NG5r1Bz19D1 for ; Wed, 1 Feb 2023 00:54:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 3110scKH092507 for ; Wed, 1 Feb 2023 00:54:38 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 3110scjP092506 for bugs@FreeBSD.org; Wed, 1 Feb 2023 00:54:38 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 250681] certctl(8) blacklisting certificates still shown as trusted Date: Wed, 01 Feb 2023 00:54:38 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: conf X-Bugzilla-Version: Unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: freebsd@igalic.co X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: kevans@freebsd.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-bugs@freebsd.org MIME-Version: 1.0 X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D250681 Mina Gali=C4=87 changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |freebsd@igalic.co --- Comment #4 from Mina Gali=C4=87 --- let's untrust all certificates in Base: meena@fbsd14-amd64 ~> find /usr/share/certs/trusted/ -type f | xargs -n1 su= do -H certctl untrust Adding /usr/share/certs/trusted/Symantec_Class_2_Public_Primary_Certification_Auth= ority_-_G4.pem to untrusted list Adding /usr/share/certs/trusted/Chambers_of_Commerce_Root_-_2008.pem to untrusted list Adding /usr/share/certs/trusted/Staat_der_Nederlanden_Root_CA_-_G2.pem to untrusted list Adding /usr/share/certs/trusted/QuoVadis_Root_CA.pem to untrusted list Adding /usr/share/certs/trusted/AddTrust_Low-Value_Services_Root.pem to untrusted list Adding /usr/share/certs/trusted/AddTrust_External_Root.pem to untrusted list Adding /usr/share/certs/trusted/LuxTrust_Global_Root_2.pem to untrusted list Adding /usr/share/certs/trusted/GeoTrust_Universal_CA_2.pem to untrusted li= st Adding /usr/share/certs/trusted/Global_Chambersign_Root_-_2008.pem to untru= sted list Adding /usr/share/certs/trusted/Staat_der_Nederlanden_Root_CA_-_G3.pem to untrusted list Adding /usr/share/certs/trusted/D-TRUST_Root_CA_3_2013.pem to untrusted list Adding /usr/share/certs/trusted/OISTE_WISeKey_Global_Root_GA_CA.pem to untrusted list Adding /usr/share/certs/trusted/Camerfirma_Chambers_of_Commerce_Root.pem to untrusted list Adding /usr/share/certs/trusted/EC-ACC.pem to untrusted list Adding /usr/share/certs/trusted/Camerfirma_Global_Chambersign_Root.pem to untrusted list Adding /usr/share/certs/trusted/Trustis_FPS_Root_CA.pem to untrusted list Adding /usr/share/certs/trusted/Symantec_Class_1_Public_Primary_Certification_Auth= ority_-_G6.pem to untrusted list Adding /usr/share/certs/trusted/Verisign_Class_1_Public_Primary_Certification_Auth= ority_-_G3.pem to untrusted list Adding /usr/share/certs/trusted/SwissSign_Platinum_CA_-_G2.pem to untrusted list Adding /usr/share/certs/trusted/EE_Certification_Centre_Root_CA.pem to untrusted list Adding /usr/share/certs/trusted/GeoTrust_Global_CA.pem to untrusted list Adding /usr/share/certs/trusted/thawte_Primary_Root_CA_-_G2.pem to untrusted list Adding /usr/share/certs/trusted/Taiwan_GRCA.pem to untrusted list Adding /usr/share/certs/trusted/VeriSign_Universal_Root_Certification_Authority.pe= m to untrusted list Adding /usr/share/certs/trusted/VeriSign_Class_3_Public_Primary_Certification_Auth= ority_-_G5.pem to untrusted list Adding /usr/share/certs/trusted/GeoTrust_Primary_Certification_Authority_-_G2.pem = to untrusted list Adding /usr/share/certs/trusted/thawte_Primary_Root_CA.pem to untrusted list Adding /usr/share/certs/trusted/Symantec_Class_2_Public_Primary_Certification_Auth= ority_-_G6.pem to untrusted list Adding /usr/share/certs/trusted/Verisign_Class_2_Public_Primary_Certification_Auth= ority_-_G3.pem to untrusted list Adding /usr/share/certs/trusted/thawte_Primary_Root_CA_-_G3.pem to untrusted list Adding /usr/share/certs/trusted/Symantec_Class_1_Public_Primary_Certification_Auth= ority_-_G4.pem to untrusted list Adding /usr/share/certs/trusted/Certum_Root_CA.pem to untrusted list Adding /usr/share/certs/trusted/GeoTrust_Universal_CA.pem to untrusted list Adding /usr/share/certs/trusted/VeriSign_Class_3_Public_Primary_Certification_Auth= ority_-_G4.pem to untrusted list Adding /usr/share/certs/trusted/GeoTrust_Primary_Certification_Authority.pe= m to untrusted list Adding /usr/share/certs/trusted/GeoTrust_Primary_Certification_Authority_-_G3.pem = to untrusted list Adding /usr/share/certs/trusted/Verisign_Class_3_Public_Primary_Certification_Auth= ority_-_G3.pem to untrusted list Adding /usr/share/certs/trusted/Sonera_Class_2_Root_CA.pem to untrusted list worked? meena@fbsd14-amd64 ~> certctl untrusted Listing Untrusted Certificates: 080911ac.0 QuoVadis Root Certification Authority 0b7c536a.0 D-TRUST Root CA 3 2013 0c4c9b6c.0 Global Chambersign Root - 2008 116bf586.0 GeoTrust Primary Certification Authority - G2 128805a3.0 EE Certification Centre Root CA 1320b215.0 Symantec Class 2 Public Primary Certification Authority - G6 157753a5.0 AddTrust External CA Root 26312675.0 Symantec Class 1 Public Primary Certification Authority - G6 2c543cd1.0 GeoTrust Global CA 2e4eed3c.0 thawte Primary Root CA 349f2832.0 EC-ACC 442adcac.0 Certum CA 480720ec.0 GeoTrust Primary Certification Authority 4d4ba017.0 Symantec Class 2 Public Primary Certification Authority - G4 5a4d6896.0 Staat der Nederlanden Root CA - G3 5c44d531.0 Staat der Nederlanden Root CA - G2 62744ee1.0 Symantec Class 1 Public Primary Certification Authority - G4 6410666e.0 subject=3DC =3D TW, O =3D Government Root Certification Aut= hority 7d0b38bd.0 VeriSign Class 3 Public Primary Certification Authority - G4 861a399d.0 AddTrust Class 1 CA Root 8867006a.0 GeoTrust Universal CA 2 9c2e7d30.0 Sonera Class2 CA a8dee976.0 SwissSign Platinum CA - G2 ad088e1d.0 GeoTrust Universal CA b1b8a7f3.0 OISTE WISeKey Global Root GA CA b204d74a.0 VeriSign Class 3 Public Primary Certification Authority - G5 ba89ed3b.0 thawte Primary Root CA - G3 c01cdfa2.0 VeriSign Universal Root Certification Authority c089bbbd.0 thawte Primary Root CA - G2 c0ff1f52.0 VeriSign Class 3 Public Primary Certification Authority - G3 c47d9980.0 Chambers of Commerce Root - 2008 cb59f961.0 Global Chambersign Root d853d49e.0 subject=3DC =3D GB, O =3D Trustis Limited, OU =3D Trustis F= PS Root CA dc45b0bd.0 VeriSign Class 2 Public Primary Certification Authority - G3 def36a68.0 LuxTrust Global Root 2 e2799e36.0 GeoTrust Primary Certification Authority - G3 ee1365c0.0 VeriSign Class 1 Public Primary Certification Authority - G3 f90208f7.0 Chambers of Commerce Root meena@fbsd14-amd64 ~> meena@fbsd14-amd64 ~> sudo -H certctl rehash Scanning /usr/share/certs/trusted for certificates... Scanning /usr/local/share/certs for certificates... meena@fbsd14-amd64 ~> sudo -H certctl list Listing Trusted Certificates: 080911ac.0 QuoVadis Root Certification Authority 0b7c536a.0 D-TRUST Root CA 3 2013 0c4c9b6c.0 Global Chambersign Root - 2008 116bf586.0 GeoTrust Primary Certification Authority - G2 128805a3.0 EE Certification Centre Root CA 1320b215.0 Symantec Class 2 Public Primary Certification Authority - G6 157753a5.0 AddTrust External CA Root 26312675.0 Symantec Class 1 Public Primary Certification Authority - G6 2c543cd1.0 GeoTrust Global CA 2e4eed3c.0 thawte Primary Root CA 349f2832.0 EC-ACC 442adcac.0 Certum CA 480720ec.0 GeoTrust Primary Certification Authority 4d4ba017.0 Symantec Class 2 Public Primary Certification Authority - G4 5a4d6896.0 Staat der Nederlanden Root CA - G3 5c44d531.0 Staat der Nederlanden Root CA - G2 62744ee1.0 Symantec Class 1 Public Primary Certification Authority - G4 6410666e.0 subject=3DC =3D TW, O =3D Government Root Certification Aut= hority 7d0b38bd.0 VeriSign Class 3 Public Primary Certification Authority - G4 861a399d.0 AddTrust Class 1 CA Root 8867006a.0 GeoTrust Universal CA 2 9c2e7d30.0 Sonera Class2 CA a8dee976.0 SwissSign Platinum CA - G2 ad088e1d.0 GeoTrust Universal CA b1b8a7f3.0 OISTE WISeKey Global Root GA CA b204d74a.0 VeriSign Class 3 Public Primary Certification Authority - G5 ba89ed3b.0 thawte Primary Root CA - G3 c01cdfa2.0 VeriSign Universal Root Certification Authority c089bbbd.0 thawte Primary Root CA - G2 c0ff1f52.0 VeriSign Class 3 Public Primary Certification Authority - G3 c47d9980.0 Chambers of Commerce Root - 2008 c622f41b.0 minica root ca 083271 cb59f961.0 Global Chambersign Root cd8c0d63.0 subject=3DC =3D ES, O =3D FNMT-RCM, OU =3D AC RAIZ FNMT-RCM d853d49e.0 subject=3DC =3D GB, O =3D Trustis Limited, OU =3D Trustis F= PS Root CA dc45b0bd.0 VeriSign Class 2 Public Primary Certification Authority - G3 def36a68.0 LuxTrust Global Root 2 e2799e36.0 GeoTrust Primary Certification Authority - G3 ee1365c0.0 VeriSign Class 1 Public Primary Certification Authority - G3 f90208f7.0 Chambers of Commerce Root meena@fbsd14-amd64 ~>=20 nope, they are trusted and untrusted at the same time. --=20 You are receiving this mail because: You are on the CC list for the bug.=