[Bug 246614] certctl(8) silently overwrites certs with same subjects
bugzilla-noreply at freebsd.org
Thu May 21 19:11:43 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
--- Comment #2 from Michael Osipov <michael.osipov at siemens.com> ---
There are several issues with the patch:
* The term "serial" is already taken: by the serial number embedded in the cert
as well as serialNumber as part of the DN. c_rehash talks about decimal digit.
Maybe "get_decimal" is better?
* While links are created correctly as it seems:
> Reading siemens-cert-14.crt
> Adding 8dc03e53.0 to trust store
> Reading siemens-cert-15.crt
> Adding 8dc03e53.1 to trust store
* 'certctl list' does not show any of them because of:
> for CFILE in *.0; do
You likely will need to add *.1, *.2, ..., *.9
* There is another conceptual issue: *.n is only for the hashed links, not for
scanning, see https://www.openssl.org/docs/man1.1.1/man1/c_rehash.html.
* Please also note that the hashed links for CRLs need to be in <hash>.r<D>
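Added example (not part of the bug comment and not certctl's own code): one way to enumerate hashed links so that collision suffixes beyond .0 are listed and certificate links (<hash>.<D>) are kept apart from CRL links (<hash>.r<D>). The function name list_hashed_links, the 8-lowercase-hex-digit hash and the single-digit suffix are assumptions that follow the c_rehash naming referenced in the comment.

```sh
#!/bin/sh
# Added example; names and layout are assumptions, not certctl(8) code.
# Usage: list_hashed_links DIR KIND      (KIND is "cert" or "crl")
# Prints the names of matching hashed links in DIR, one per line.

H='[0-9a-f]'
HASH8="$H$H$H$H$H$H$H$H"    # eight lowercase hex digits (assumed hash form)

list_hashed_links() {
    dir=$1
    kind=$2
    for path in "$dir"/*; do
        # Skip the literal pattern left behind when DIR is empty,
        # but keep dangling symlinks so stale links are still reported.
        [ -e "$path" ] || [ -L "$path" ] || continue
        name=${path##*/}
        case $name in
            $HASH8.[0-9])  found=cert ;;   # <hash>.<D>: certificate link
            $HASH8.r[0-9]) found=crl ;;    # <hash>.r<D>: CRL link
            *) continue ;;                 # source files such as *.crt
        esac
        if [ "$found" = "$kind" ]; then
            printf '%s\n' "$name"
        fi
    done
    return 0
}

# Constructed sample: two certs with the same subject hash, as in the
# output quoted in the comment, plus one CRL link.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/siemens-cert-14.crt"
    : > "$d/siemens-cert-15.crt"
    ln -s siemens-cert-14.crt "$d/8dc03e53.0"
    ln -s siemens-cert-15.crt "$d/8dc03e53.1"
    : > "$d/8dc03e53.r0"
    echo "cert links:"; list_hashed_links "$d" cert
    echo "crl links:";  list_hashed_links "$d" crl
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run with the argument demo to see both 8dc03e53.0 and 8dc03e53.1 listed, which a loop over *.0 alone would not show.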