On 2/28/19 7:37 PM, James Pooton wrote: > So installing ca-certificates (20170717) with the latest openssl > (1.1.1a-1), does produce the hashes in /etc/ssl/certs when doing an ARM > 32bit build via QEMU. > > One interesting thing is that the 382 syscalls were still present in the > build, so that may be a red herring: > > ... > Preparing to unpack .../ca-certificates_20170717_all.deb ... > Unpacking ca-certificates (20170717) ... > Setting up ca-certificates (20170717) ... > Updating certificates in /etc/ssl/certs... > qemu: Unsupported syscall: 382 > 148 added, 0 removed; done. > Processing triggers for ca-certificates (20170717) ... > Updating certificates in /etc/ssl/certs... > qemu: Unsupported syscall: 382 > 0 added, 0 removed; done. > ...
Interesting, thanks. So c_rehash works fine-ish, which we were pretty sure of, and the same behavior with the syscall errors. /usr/bin/c_rehash is perl with a few calls out to openssl within. You could try to debug by directly running `sudo openssl rehash -v /etc/ssl/certs` on either version of ca-certificates (new one has new CAs added, old ones removed, and a couple other bug fixes, but openssl behavior should be the same). > The only other thing I noticed (which certainly may not be related) is > that a a few of the CA cert filename must have some crazy UTF8 > characters that get encoded (“NetLock_Arany”, > “RKTRUST_Elektronik_Sertifika_Hizmet_Sa”, “k_Sertifika_Hizmet_Sa”). > Just seemed odd, and potentially something that could trip things up. Yep, there are a few CAs with UTF8 labels, so the files are written out that way. I was included in a conversation maybe 2 years ago with someone that did some UTF8 filename research through the package repositories, but there haven't been any issues raised. An example of the options would be the existing UTF8: "NetLock Arany (Class Gold) Főtanúsítvány" or: "NetLock Arany (Class Gold) F..tan..s..tv..ny" F..who? :) I think the native UTF8 is a better option. It's probably a bug if some file widget does not handle UTF8 files correctly. -- Kind regards, Michael
