[Bug 246614] certctl(8) silently overwrites certs with same subjects
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Aug 24 15:01:09 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
--- Comment #9 from Michael Osipov <michael.osipov at siemens.com> ---
(In reply to Kyle Evans from comment #8)
Not even that. The origin c_rehash is not aware of blacklists, only CRLs. So
the idea behind a blacklist is that you exclude specific certs from installing.
This means that if a cert exists in the blackist and in the source, the hash
link is never created (or removed) is /etc/ssl/certs. They must be skipped.
When the link is established, OpenSSL assumes that you trust that entity. If
you don't want to work with blacklists, use CRL. I don't see a reason to copy
with the original name. What benefit should that give?
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the freebsd-bugs
mailing list