Page MenuHomeFreeBSD

certctl: fix hashed link generation with duplicate subjects
ClosedPublic

Authored by kevans on Aug 24 2020, 1:39 AM.

Details

Summary

Currently, certctl rehash will just keep clobbering .0 rather than incrementing the suffix upon encountering a duplicate. Do this, and do it for blacklisted certs as well.

Future work needs to completely revamp the blacklist to align more with how it's described in PR 246614.

PR: 246614

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Unit Tests Skipped
Build Status
Buildable 33448

Event Timeline

Minor nit: also fix the link formatted from certctl blacklist <hash>, chop off the suffix and generate the appropriate decimal for the .rD link.

kevans edited the summary of this revision. (Show Details)
kevans edited the summary of this revision. (Show Details)

I also see:

Files /etc/ssl/blacklisted/157753a5.0 and /usr/share/certs/trusted/AddTrust_External_Root.pem differ
Files /etc/ssl/blacklisted/861a399d.0 and /usr/share/certs/trusted/AddTrust_Low-Value_Services_Root.pem differ
Files /etc/ssl/blacklisted/def36a68.0 and /usr/share/certs/trusted/LuxTrust_Global_Root_2.pem differ
Files /etc/ssl/blacklisted/5c44d531.0 and /usr/share/certs/trusted/Staat_der_Nederlanden_Root_CA_-_G2.pem differ
Files /etc/ssl/blacklisted/62744ee1.0 and /usr/share/certs/trusted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G4.pem differ
Files /etc/ssl/blacklisted/4d4ba017.0 and /usr/share/certs/trusted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G4.pem differ
Files /etc/ssl/blacklisted/c0ff1f52.0 and /usr/share/certs/trusted/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem differ

Because of

626 # grep FreeBSD /etc/ssl/blacklisted/c0ff1f52.0
##  with $FreeBSD: head/secure/caroot/MAca-bundle.pl 352951 2019-10-02 01:27:50Z kevans $

and

628 # grep  FreeBSD  /usr/share/certs/trusted/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem
##  with $FreeBSD: stable/12/secure/caroot/MAca-bundle.pl 352951 2019-10-02 01:27:50Z kevans $

maybe also a fault on my end.

I am want again to stress out that /etc/ssl/blacklisted is never read by OpenSSL and may/will lead to confusion. This defintively needs to go/be removed at some point.

Another issue, I don't see how the blacklisting is supposed to work. I see:

/etc/ssl
├── blacklisted
│   ├── 157753a5.0 -> ../../../usr/share/certs/blacklisted/AddTrust_External_Root.pem
│   ├── 4d4ba017.0 -> ../../../usr/share/certs/blacklisted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G4.pem
│   ├── 5c44d531.0 -> ../../../usr/share/certs/blacklisted/Staat_der_Nederlanden_Root_CA_-_G2.pem
│   ├── 62744ee1.0 -> ../../../usr/share/certs/blacklisted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G4.pem
│   ├── 861a399d.0 -> ../../../usr/share/certs/blacklisted/AddTrust_Low-Value_Services_Root.pem
│   ├── c0ff1f52.0 -> ../../../usr/share/certs/blacklisted/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem
│   └── def36a68.0 -> ../../../usr/share/certs/blacklisted/LuxTrust_Global_Root_2.pem

but

631 # certctl list | grep 861a399d
861a399d.0      AddTrust Class 1 CA Root

root@deblndw011x - /usr/src/secure/caroot
632 # certctl list | grep def36a68
def36a68.0      LuxTrust Global Root 2

they should not be there.

usr.sbin/certctl/certctl.sh
33

\.[0-9] should be dropped because this is the output form, it should not be an input form. Same as with c_rehash.

81

The diff is really a band-aid because any kind of information can precede the BEGIN CERTIFICATE block. At best, certificate hash *not* subject hash is used to compare certs. openssl can write them out I guess.

210

Same as above.

This revision now requires changes to proceed.Sep 7 2020, 1:46 PM

/etc/ssl/blacklisted will go away at the first chance I get to rewrite certctl in flua.

usr.sbin/certctl/certctl.sh
81

Yes, this is intended to be a horrible looking band-aid that ends up being pretty fragile to boot. I wasn't sure how to get openssl to write out the certificate hash, the usage is pretty rough for me to figure out.

Comparing the fingerprint of the cert can be achived with OpenSSL using -fingerprint:

openssl x509 -sha1 -in cert.crt -noout -fingerprint

See https://www.openssl.org/docs/man1.1.1/man1/x509.html

Comparing the fingerprint of the cert can be achived with OpenSSL using -fingerprint:

openssl x509 -sha1 -in cert.crt -noout -fingerprint

See https://www.openssl.org/docs/man1.1.1/man1/x509.html

You're a hero, friend. Will fix ASAP.

kevans marked 3 inline comments as done.

Rework, drop *.[0-9] from FILEPAT and use hopefully less-fragile fingerprint comparison. This fixes the previously reported issue:

Files /etc/ssl/blacklisted/157753a5.0 and /usr/share/certs/trusted/AddTrust_External_Root.pem differ
Files /etc/ssl/blacklisted/861a399d.0 and /usr/share/certs/trusted/AddTrust_Low-Value_Services_Root.pem differ
Files /etc/ssl/blacklisted/def36a68.0 and /usr/share/certs/trusted/LuxTrust_Global_Root_2.pem differ
Files /etc/ssl/blacklisted/5c44d531.0 and /usr/share/certs/trusted/Staat_der_Nederlanden_Root_CA_-_G2.pem differ
Files /etc/ssl/blacklisted/62744ee1.0 and /usr/share/certs/trusted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G4.pem differ
Files /etc/ssl/blacklisted/4d4ba017.0 and /usr/share/certs/trusted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G4.pem differ
Files /etc/ssl/blacklisted/c0ff1f52.0 and /usr/share/certs/trusted/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem differ

in-fact theoretically caused the observations later, where the hashes still appeared in certctl list; they differed and thus the removal from /etc/ssl/certs failed.

Looks good for me now:

# certctl -v rehash
Scanning /usr/share/certs/blacklisted for certificates...
Reading AddTrust_External_Root.pem
Adding 157753a5.0 to blacklist
Reading AddTrust_Low-Value_Services_Root.pem
Adding 861a399d.0 to blacklist
Reading LuxTrust_Global_Root_2.pem
Adding def36a68.0 to blacklist
Reading Staat_der_Nederlanden_Root_CA_-_G2.pem
Adding 5c44d531.0 to blacklist
Reading Symantec_Class_1_Public_Primary_Certification_Authority_-_G4.pem
Adding 62744ee1.0 to blacklist
Reading Symantec_Class_2_Public_Primary_Certification_Authority_-_G4.pem
Adding 4d4ba017.0 to blacklist
Reading Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem
Adding c0ff1f52.0 to blacklist
Scanning /usr/share/certs/trusted for certificates...
Reading ACCVRAIZ1.pem
Adding a94d09e5.0 to trust store
Reading AC_RAIZ_FNMT-RCM.pem
Adding cd8c0d63.0 to trust store
Reading Actalis_Authentication_Root_CA.pem
Adding 930ac5d2.0 to trust store
Reading AddTrust_External_Root.pem
Skipping blacklisted certificate /usr/share/certs/trusted/AddTrust_External_Root.pem (/etc/ssl/blacklisted/157753a5.0)
Reading AddTrust_Low-Value_Services_Root.pem
Skipping blacklisted certificate /usr/share/certs/trusted/AddTrust_Low-Value_Services_Root.pem (/etc/ssl/blacklisted/861a399d.0)
Reading AffirmTrust_Commercial.pem
Adding 2b349938.0 to trust store
Reading AffirmTrust_Networking.pem
Adding 93bc0acc.0 to trust store
Reading AffirmTrust_Premium.pem
Adding b727005e.0 to trust store
Reading AffirmTrust_Premium_ECC.pem
Adding 9c8dfbd4.0 to trust store
Reading Amazon_Root_CA_1.pem
Adding ce5e74ef.0 to trust store
Reading Amazon_Root_CA_2.pem
Adding 6d41d539.0 to trust store
Reading Amazon_Root_CA_3.pem
Adding 8cb5ee0f.0 to trust store
Reading Amazon_Root_CA_4.pem
Adding de6d66f3.0 to trust store
Reading Atos_TrustedRoot_2011.pem
Adding e36a6752.0 to trust store
Reading Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
Adding 3bde41ac.0 to trust store
Reading Baltimore_CyberTrust_Root.pem
Adding 653b494a.0 to trust store
Reading Buypass_Class_2_Root_CA.pem
Adding 54657681.0 to trust store
Reading Buypass_Class_3_Root_CA.pem
Adding e8de2f56.0 to trust store
Reading CA_Disig_Root_R2.pem
Adding 2ae6433e.0 to trust store
Reading CFCA_EV_ROOT.pem
Adding 0b1b94ef.0 to trust store
Reading COMODO_Certification_Authority.pem
Adding 40547a79.0 to trust store
Reading COMODO_ECC_Certification_Authority.pem
Adding eed8c118.0 to trust store
Reading COMODO_RSA_Certification_Authority.pem
Adding d6325660.0 to trust store
Reading Camerfirma_Chambers_of_Commerce_Root.pem
Adding f90208f7.0 to trust store
Reading Camerfirma_Global_Chambersign_Root.pem
Adding cb59f961.0 to trust store
Reading Certigna.pem
Adding e113c810.0 to trust store
Reading Certigna_Root_CA.pem
Adding f51bb24c.0 to trust store
Reading Certum_Root_CA.pem
Adding 442adcac.0 to trust store
Reading Certum_Trusted_Network_CA.pem
Adding 48bec511.0 to trust store
Reading Certum_Trusted_Network_CA_2.pem
Adding 40193066.0 to trust store
Reading Chambers_of_Commerce_Root_-_2008.pem
Adding c47d9980.0 to trust store
Reading Comodo_AAA_Services_root.pem
Adding ee64a828.0 to trust store
Reading Cybertrust_Global_Root.pem
Adding 76cb8f92.0 to trust store
Reading D-TRUST_Root_CA_3_2013.pem
Adding 0b7c536a.0 to trust store
Reading D-TRUST_Root_Class_3_CA_2_2009.pem
Adding c28a8a30.0 to trust store
Reading D-TRUST_Root_Class_3_CA_2_EV_2009.pem
Adding d4dae3dd.0 to trust store
Reading DST_Root_CA_X3.pem
Adding 2e5ac55d.0 to trust store
Reading DigiCert_Assured_ID_Root_CA.pem
Adding b1159c4c.0 to trust store
Reading DigiCert_Assured_ID_Root_G2.pem
Adding 9d04f354.0 to trust store
Reading DigiCert_Assured_ID_Root_G3.pem
Adding 7f3d5d1d.0 to trust store
Reading DigiCert_Global_Root_CA.pem
Adding 3513523f.0 to trust store
Reading DigiCert_Global_Root_G2.pem
Adding 607986c7.0 to trust store
Reading DigiCert_Global_Root_G3.pem
Adding dd8e9d41.0 to trust store
Reading DigiCert_High_Assurance_EV_Root_CA.pem
Adding 244b5494.0 to trust store
Reading DigiCert_Trusted_Root_G4.pem
Adding 75d1b2ed.0 to trust store
Reading E-Tugra_Certification_Authority.pem
Adding 5273a94c.0 to trust store
Reading EC-ACC.pem
Adding 349f2832.0 to trust store
Reading EE_Certification_Centre_Root_CA.pem
Adding 128805a3.0 to trust store
Reading Entrust_Root_Certification_Authority.pem
Adding 6b99d060.0 to trust store
Reading Entrust_Root_Certification_Authority_-_EC1.pem
Adding 106f3e4d.0 to trust store
Reading Entrust_Root_Certification_Authority_-_G2.pem
Adding 02265526.0 to trust store
Reading Entrust_Root_Certification_Authority_-_G4.pem
Adding 5e98733a.0 to trust store
Reading Entrust_net_Premium_2048_Secure_Server_CA.pem
Adding aee5f10d.0 to trust store
Reading GDCA_TrustAUTH_R5_ROOT.pem
Adding 0f6fa695.0 to trust store
Reading GTS_Root_R1.pem
Adding 1001acf7.0 to trust store
Reading GTS_Root_R2.pem
Adding 626dceaf.0 to trust store
Reading GTS_Root_R3.pem
Adding 0a775a30.0 to trust store
Reading GTS_Root_R4.pem
Adding a3418fda.0 to trust store
Reading GeoTrust_Global_CA.pem
Adding 2c543cd1.0 to trust store
Reading GeoTrust_Primary_Certification_Authority.pem
Adding 480720ec.0 to trust store
Reading GeoTrust_Primary_Certification_Authority_-_G2.pem
Adding 116bf586.0 to trust store
Reading GeoTrust_Primary_Certification_Authority_-_G3.pem
Adding e2799e36.0 to trust store
Reading GeoTrust_Universal_CA.pem
Adding ad088e1d.0 to trust store
Reading GeoTrust_Universal_CA_2.pem
Adding 8867006a.0 to trust store
Reading GlobalSign_ECC_Root_CA_-_R4.pem
Adding b0e59380.0 to trust store
Reading GlobalSign_ECC_Root_CA_-_R5.pem
Adding 1d3472b9.0 to trust store
Reading GlobalSign_Root_CA.pem
Adding 5ad8a5d6.0 to trust store
Reading GlobalSign_Root_CA_-_R2.pem
Adding 4a6481c9.0 to trust store
Reading GlobalSign_Root_CA_-_R3.pem
Adding 062cdee6.0 to trust store
Reading GlobalSign_Root_CA_-_R6.pem
Adding dc4d6a89.0 to trust store
Reading Global_Chambersign_Root_-_2008.pem
Adding 0c4c9b6c.0 to trust store
Reading Go_Daddy_Class_2_CA.pem
Adding f081611a.0 to trust store
Reading Go_Daddy_Root_Certificate_Authority_-_G2.pem
Adding cbf06781.0 to trust store
Reading Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
Adding 7719f463.0 to trust store
Reading Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
Adding 1636090b.0 to trust store
Reading Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
Adding 32888f65.0 to trust store
Reading Hongkong_Post_Root_CA_1.pem
Adding 3e45d192.0 to trust store
Reading Hongkong_Post_Root_CA_3.pem
Adding 68dd7389.0 to trust store
Reading ISRG_Root_X1.pem
Adding 4042bcee.0 to trust store
Reading IdenTrust_Commercial_Root_CA_1.pem
Adding ef954a4e.0 to trust store
Reading IdenTrust_Public_Sector_Root_CA_1.pem
Adding 1e08bfd1.0 to trust store
Reading Izenpe_com.pem
Adding cc450945.0 to trust store
Reading LuxTrust_Global_Root_2.pem
Skipping blacklisted certificate /usr/share/certs/trusted/LuxTrust_Global_Root_2.pem (/etc/ssl/blacklisted/def36a68.0)
Reading Microsec_e-Szigno_Root_CA_2009.pem
Adding 8160b96c.0 to trust store
Reading Microsoft_ECC_Root_Certificate_Authority_2017.pem
Adding 8d89cda1.0 to trust store
Reading Microsoft_RSA_Root_Certificate_Authority_2017.pem
Adding bf53fb88.0 to trust store
Reading NetLock_Arany__Class_Gold__F__tan__s__tv__ny.pem
Adding 988a38cb.0 to trust store
Reading Network_Solutions_Certificate_Authority.pem
Adding 4304c5e5.0 to trust store
Reading OISTE_WISeKey_Global_Root_GA_CA.pem
Adding b1b8a7f3.0 to trust store
Reading OISTE_WISeKey_Global_Root_GB_CA.pem
Adding e73d606e.0 to trust store
Reading OISTE_WISeKey_Global_Root_GC_CA.pem
Adding 773e07ad.0 to trust store
Reading QuoVadis_Root_CA.pem
Adding 080911ac.0 to trust store
Reading QuoVadis_Root_CA_1_G3.pem
Adding 749e9e03.0 to trust store
Reading QuoVadis_Root_CA_2.pem
Adding d7e8dc79.0 to trust store
Reading QuoVadis_Root_CA_2_G3.pem
Adding 064e0aa9.0 to trust store
Reading QuoVadis_Root_CA_3.pem
Adding 76faf6c0.0 to trust store
Reading QuoVadis_Root_CA_3_G3.pem
Adding e18bfb83.0 to trust store
Reading SSL_com_EV_Root_Certification_Authority_ECC.pem
Adding f0c70a8d.0 to trust store
Reading SSL_com_EV_Root_Certification_Authority_RSA_R2.pem
Adding 06dc52d5.0 to trust store
Reading SSL_com_Root_Certification_Authority_ECC.pem
Adding 0bf05006.0 to trust store
Reading SSL_com_Root_Certification_Authority_RSA.pem
Adding 6fa5da56.0 to trust store
Reading SZAFIR_ROOT_CA2.pem
Adding fe8a2cd8.0 to trust store
Reading SecureSign_RootCA11.pem
Adding 18856ac4.0 to trust store
Reading SecureTrust_CA.pem
Adding f39fc864.0 to trust store
Reading Secure_Global_CA.pem
Adding b66938e9.0 to trust store
Reading Security_Communication_RootCA2.pem
Adding cd58d51e.0 to trust store
Reading Security_Communication_Root_CA.pem
Adding f3377b1b.0 to trust store
Reading Sonera_Class_2_Root_CA.pem
Adding 9c2e7d30.0 to trust store
Reading Staat_der_Nederlanden_EV_Root_CA.pem
Adding 03179a64.0 to trust store
Reading Staat_der_Nederlanden_Root_CA_-_G2.pem
Skipping blacklisted certificate /usr/share/certs/trusted/Staat_der_Nederlanden_Root_CA_-_G2.pem (/etc/ssl/blacklisted/5c44d531.0)
Reading Staat_der_Nederlanden_Root_CA_-_G3.pem
Adding 5a4d6896.0 to trust store
Reading Starfield_Class_2_CA.pem
Adding f387163d.0 to trust store
Reading Starfield_Root_Certificate_Authority_-_G2.pem
Adding 4bfab552.0 to trust store
Reading Starfield_Services_Root_Certificate_Authority_-_G2.pem
Adding 09789157.0 to trust store
Reading SwissSign_Gold_CA_-_G2.pem
Adding 4f316efb.0 to trust store
Reading SwissSign_Platinum_CA_-_G2.pem
Adding a8dee976.0 to trust store
Reading SwissSign_Silver_CA_-_G2.pem
Adding 57bcb2da.0 to trust store
Reading Symantec_Class_1_Public_Primary_Certification_Authority_-_G4.pem
Skipping blacklisted certificate /usr/share/certs/trusted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G4.pem (/etc/ssl/blacklisted/62744ee1.0)
Reading Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.pem
Adding 26312675.0 to trust store
Reading Symantec_Class_2_Public_Primary_Certification_Authority_-_G4.pem
Skipping blacklisted certificate /usr/share/certs/trusted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G4.pem (/etc/ssl/blacklisted/4d4ba017.0)
Reading Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.pem
Adding 1320b215.0 to trust store
Reading T-TeleSec_GlobalRoot_Class_2.pem
Adding 1e09d511.0 to trust store
Reading T-TeleSec_GlobalRoot_Class_3.pem
Adding 5443e9e3.0 to trust store
Reading TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem
Adding ff34af3f.0 to trust store
Reading TWCA_Global_Root_CA.pem
Adding 5f15c80c.0 to trust store
Reading TWCA_Root_Certification_Authority.pem
Adding b7a5b843.0 to trust store
Reading Taiwan_GRCA.pem
Adding 6410666e.0 to trust store
Reading TeliaSonera_Root_CA_v1.pem
Adding 5cd81ad7.0 to trust store
Reading TrustCor_ECA-1.pem
Adding 7aaf71c0.0 to trust store
Reading TrustCor_RootCert_CA-1.pem
Adding 5d3033c5.0 to trust store
Reading TrustCor_RootCert_CA-2.pem
Adding 3e44d2f7.0 to trust store
Reading Trustis_FPS_Root_CA.pem
Adding d853d49e.0 to trust store
Reading UCA_Extended_Validation_Root.pem
Adding 0f5dc4f3.0 to trust store
Reading UCA_Global_G2_Root.pem
Adding c01eb047.0 to trust store
Reading USERTrust_ECC_Certification_Authority.pem
Adding f30dd6ad.0 to trust store
Reading USERTrust_RSA_Certification_Authority.pem
Adding fc5a8f99.0 to trust store
Reading VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.pem
Adding 7d0b38bd.0 to trust store
Reading VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem
Adding b204d74a.0 to trust store
Reading VeriSign_Universal_Root_Certification_Authority.pem
Adding c01cdfa2.0 to trust store
Reading Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem
Adding ee1365c0.0 to trust store
Reading Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem
Adding dc45b0bd.0 to trust store
Reading Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem
Skipping blacklisted certificate /usr/share/certs/trusted/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem (/etc/ssl/blacklisted/c0ff1f52.0)
Reading XRamp_Global_CA_Root.pem
Adding 706f604c.0 to trust store
Reading certSIGN_ROOT_CA.pem
Adding 8d86cdd1.0 to trust store
Reading certSIGN_Root_CA_G2.pem
Adding 5f618aec.0 to trust store
Reading e-Szigno_Root_CA_2017.pem
Adding e868b802.0 to trust store
Reading ePKI_Root_Certification_Authority.pem
Adding ca6e4ad9.0 to trust store
Reading emSign_ECC_Root_CA_-_C3.pem
Adding 4b718d9b.0 to trust store
Reading emSign_ECC_Root_CA_-_G3.pem
Adding 14bc7599.0 to trust store
Reading emSign_Root_CA_-_C1.pem
Adding 406c9bb1.0 to trust store
Reading emSign_Root_CA_-_G1.pem
Adding 2923b3f9.0 to trust store
Reading thawte_Primary_Root_CA.pem
Adding 2e4eed3c.0 to trust store
Reading thawte_Primary_Root_CA_-_G2.pem
Adding c089bbbd.0 to trust store
Reading thawte_Primary_Root_CA_-_G3.pem
Adding ba89ed3b.0 to trust store
Scanning /usr/local/share/certs for certificates...
Reading ca-root-nss.crt
Adding cd8c0d63.1 to trust store
Scanning /usr/local/etc/ssl/certs for certificates...
Reading quovadis-cert-01.crt
Adding 780389f9.0 to trust store
Reading quovadis-cert-02.crt
Adding 4ca5f54b.0 to trust store
Reading quovadis-cert-03.crt
Adding b5d79467.0 to trust store
Reading siemens-cert-01.crt
Adding d4555404.0 to trust store
Reading siemens-cert-02.crt
Adding d7532a42.0 to trust store
Reading siemens-cert-03.crt
Adding d9d79a66.0 to trust store
Reading siemens-cert-04.crt
Adding a331fcb4.0 to trust store
Reading siemens-cert-05.crt
Adding 2b9d74f0.0 to trust store
Reading siemens-cert-06.crt
Adding b428065f.0 to trust store
Reading siemens-cert-07.crt
Adding e6a60b73.0 to trust store
Reading siemens-cert-08.crt
Adding 930b5fed.0 to trust store
Reading siemens-cert-09.crt
Adding f38f510d.0 to trust store
Reading siemens-cert-10.crt
Adding ddc2d14f.0 to trust store
Reading siemens-cert-11.crt
Adding 9ec27e42.0 to trust store
Reading siemens-cert-12.crt
Adding 1c7620aa.0 to trust store
Reading siemens-cert-13.crt
Adding 681ad634.0 to trust store
Reading siemens-cert-14.crt
Adding 8dc03e53.0 to trust store
Reading siemens-cert-15.crt
Adding 8dc03e53.1 to trust store
Reading siemens-cert-16.crt
Adding a382b08f.0 to trust store
Reading siemens-cert-17.crt
Adding 5ba4b7de.0 to trust store
This revision is now accepted and ready to land.Sep 9 2020, 6:19 AM

Excellent, thanks!

Would you prefer to receive attribution for this review at your phab email address (@gmx) or bugzilla (@siemens)?

Excellent, thanks!

Would you prefer to receive attribution for this review at your phab email address (@gmx) or bugzilla (@siemens)?

Pick the Siemens one please. 90% of my contributions are work-related.

Thanks!