[Bug 246614] certctl(8) silently overwrites certs with same subjects
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Aug 24 15:49:38 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
--- Comment #11 from Michael Osipov <michael.osipov at siemens.com> ---
(In reply to Kyle Evans from comment #10)
Correct. I would start populate blacklist first and then generate links. Care
must be taken if <digit> diverge, say you have n certs in blacklist with the
same subject hash, great care must be taken when creating links that the
correct certs is excluded from linking
(https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_load_verify_locations.html).
I think the general approach is to calculate a hash on the ASN.1 DER-encoded
form of the ticket which will be truly unique.
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the freebsd-bugs
mailing list