https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
Michael Osipov changed:
What|Removed |Added
Blocks||274019
Referenced Bugs:
https:/
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
--- Comment #19 from Michael Osipov ---
(In reply to Kyle Evans from comment #18)
Awesome, thanks!
--
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-bugs@f
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
Kyle Evans changed:
What|Removed |Added
Resolution|--- |FIXED
Status|New
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
--- Comment #17 from commit-h...@freebsd.org ---
A commit references this bug:
Author: kevans
Date: Sun Sep 13 02:17:18 UTC 2020
New revision: 365683
URL: https://svnweb.freebsd.org/changeset/base/365683
Log:
MFS r365681: certctl: fix ha
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
--- Comment #16 from commit-h...@freebsd.org ---
A commit references this bug:
Author: kevans
Date: Sun Sep 13 01:09:23 UTC 2020
New revision: 365681
URL: https://svnweb.freebsd.org/changeset/base/365681
Log:
MFC r365500: certctl: fix ha
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
Kyle Evans changed:
What|Removed |Added
Flags||mfc-stable12?,
|
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
--- Comment #15 from commit-h...@freebsd.org ---
A commit references this bug:
Author: kevans
Date: Wed Sep 9 09:08:09 UTC 2020
New revision: 365500
URL: https://svnweb.freebsd.org/changeset/base/365500
Log:
certctl: fix hashed link gen
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
--- Comment #14 from Michael Osipov ---
(In reply to Kyle Evans from comment #13)
Finally was able to leave a few comments.
--
You are receiving this mail because:
You are on the CC list for the bug.
_
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
--- Comment #13 from Kyle Evans ---
I've updated the review to more thoroughly remove the 'serial' nomenclature and
fix the problem with list and a couple other spots.
I'm punting on the blacklist revamp for now, but I've slapped a band-ai
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
--- Comment #12 from Michael Osipov ---
No ticket, certificate. Typo.
--
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-bugs@freebsd.org mailing list
https:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
--- Comment #11 from Michael Osipov ---
(In reply to Kyle Evans from comment #10)
Correct. I would start populate blacklist first and then generate links. Care
must be taken if diverge, say you have n certs in blacklist with the
same subj
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
--- Comment #10 from Kyle Evans ---
(In reply to Michael Osipov from comment #9)
Ah, OK, I see what you mean. So really, `certctl blacklist` should probably
just be adding to /usr/share/certs/blacklisted and pulling any
newly-blacklisted c
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
--- Comment #9 from Michael Osipov ---
(In reply to Kyle Evans from comment #8)
Not even that. The origin c_rehash is not aware of blacklists, only CRLs. So
the idea behind a blacklist is that you exclude specific certs from installing.
Th
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
--- Comment #8 from Kyle Evans ---
(In reply to Michael Osipov from comment #6)
> * create_blacklisted() is completely ill-designed for several reasons:
> ** When processing all links must be purged first
> ** Blacklisted certs should not
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
--- Comment #7 from Kyle Evans ---
(In reply to Michael Osipov from comment #6
D'oh! Thanks, will address some of this tonight.
--
You are receiving this mail because:
You are on the CC list for the bug.
_
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
--- Comment #6 from Michael Osipov ---
Went through the given diff, there are still issues with it:
* serial should be turned into decimal to avoid confusion
* create_blacklisted() is completely ill-designed for several reasons:
** When pro
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
--- Comment #5 from Michael Osipov ---
(In reply to Kyle Evans from comment #4)
Looking through. Note that I do not have access to Phabricator anymore because
login via Google is rejected. Already notified the Phabricator admin.
--
You a
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
Kyle Evans changed:
What|Removed |Added
URL||https://reviews.freebsd.org
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
--- Comment #3 from Kyle Evans ---
(In reply to Michael Osipov from comment #2)
Acknowledged- I'll fix the patch after WIP lands and wrangle you into a formal
review on Phabricator. Thanks for the review. =-)
--
You are receiving this ma
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
--- Comment #2 from Michael Osipov ---
There are several issues with the patch:
* The term "serial" is already taken: by the serial number embedded in the cert
as well as serialNumber as part of the DN. c_rehash talks about decimal digit.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
--- Comment #1 from Kyle Evans ---
Created attachment 214734
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=214734&action=edit
git(1) diff against base
Here's a tentative diff; there's some other WIP that I've already created on
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
Kyle Evans changed:
What|Removed |Added
CC||b...@freebsd.org,
|
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
Michael Osipov changed:
What|Removed |Added
CC||michael.osi...@siemens.com
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246614
Bug ID: 246614
Summary: certctl(8) silently overwrites certs with same
subjects
Product: Base System
Version: 12.1-STABLE
Hardware: Any
OS: Any
24 matches
Mail list logo
