certctl: Fix recent regressions.
Closed, Public

Authored by des on Oct 18 2023, 2:40 PM.

Details

Summary
  • If an untrusted certificate is also found in the list of trusted certificates, issue a warning and skip it, but don't fail.
  • Split on -+BEGIN CERTIFICATE-+ instead of "Certificate:" since that's what we're really looking for.

Also fix a long-standing bug: .crl files are not certificates, so we
should not include them when searching for certificates.

Reported by: madpilot, netchild, tijl
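The two parsing points in the summary, as an added example that is not the code from certctl.sh: a bundle mixing openssl-style text dumps with bare PEM blocks is miscounted when split on "Certificate:", while splitting on the PEM armor finds every entry, and the file search leaves out .crl files. The function names, the extension list and the placeholder base64 bodies are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Added example; not taken from certctl.sh. All sample data is constructed.

# Write a constructed three-entry bundle: the first entry carries a text
# dump ("Certificate:" preamble), the other two are bare PEM blocks.
make_sample_bundle() {
	cat > "$1" <<'EOF'
Certificate:
    Data:
        Version: 3 (0x2)
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQg==
-----END CERTIFICATE-----
# comment between entries
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQw==
-----END CERTIFICATE-----
EOF
}

# Count entries by the text-dump header: bare PEM blocks are missed.
count_by_text_header() {
	awk '/^Certificate:/ { n++ } END { print n + 0 }' "$1"
}

# Split on the PEM armor: write each block to $2/cert.N.pem and print the
# number of blocks. Text outside BEGIN/END (dumps, comments) is dropped.
split_on_pem_marker() {
	awk -v dir="$2" '
		/^-+BEGIN CERTIFICATE-+$/ { n++; out = dir "/cert." n ".pem"; inblock = 1 }
		inblock { print > out }
		/^-+END CERTIFICATE-+$/ { if (inblock) close(out); inblock = 0 }
		END { print n + 0 }' "$1"
}

# List candidate certificate files. .crl files (revocation lists) are not
# in the list; the extensions chosen here are an assumption of this example.
list_cert_files() {
	find "$1" -type f \( -name '*.pem' -o -name '*.crt' -o -name '*.cer' \) | sort
}
```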

Diff Detail

Repository
rG FreeBSD src repository

Event Timeline

des requested review of this revision. Oct 18 2023, 2:40 PM
usr.sbin/certctl/certctl.sh
116

I confirm that this change fixes the issue with poudriere and untrusted certs.

This revision is now accepted and ready to land. Oct 19 2023, 8:04 AM
This revision was automatically updated to reflect the committed changes.
des marked an inline comment as done. Oct 20 2023, 12:58 PM