
certctl: fix blacklist handling
Needs Review (Public)

Authored by kevans on Jan 9 2021, 5:27 AM.
Details

Reviewers: michaelo
Summary

Previous versions used a bogus /etc/ssl/blacklisted setup to manage the
blacklist, which had a number of issues. Most notably, certctl blacklist
could not possibly work as the next rehash would remove it from
/etc/ssl/blacklisted if it wasn't added to one of the source directories
that generate it.

This is basically just a certctl concept anyway, since applications will
not honor it. Replace it with a tempdir that we'll hash the blacklist into
as needed (for more efficient lookups).

Additionally, add in a /usr/local/share/certs/blacklisted that
certctl blacklist will install certs into. certctl unblacklist will
search all of the paths we can have them at and remove all matching certs
that it finds.

PR: 250681
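The summary describes three behaviours: the rehash must exclude blacklisted certificates without the blacklist itself being wiped by that rehash, `certctl blacklist` installs into a dedicated blacklisted directory, and `certctl unblacklist` searches every location a blacklisted certificate may live in and removes all matches. The following is an added toy model of that logic written for this review page; it is not certctl's own code. It assumes a hypothetical layout under a temporary root that mirrors the paths named above, identifies a certificate by the SHA-256 of its file contents instead of the OpenSSL subject hash certctl uses for its hashed directories, and uses constructed stand-in PEM blobs rather than real certificates.

```python
"""Toy model of certctl-style blacklist handling (added example, not certctl's code).

Hypothetical simplifications: a "certificate" is any file, and its identity
is the SHA-256 of its bytes rather than the OpenSSL subject hash certctl
uses. Directory names mirror the review summary but live under a tempdir.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List


def fingerprint(data: bytes) -> str:
    """Stand-in for the subject hash: SHA-256 of the file contents."""
    return hashlib.sha256(data).hexdigest()


def index_dir(directory: Path) -> Dict[str, Path]:
    """Map fingerprint -> path for every regular file directly in one directory.

    Subdirectories are skipped, so a blacklisted/ subdirectory under a
    source directory is never mistaken for a trusted source."""
    index: Dict[str, Path] = {}
    if directory.is_dir():
        for f in sorted(directory.iterdir()):
            if f.is_file():
                index[fingerprint(f.read_bytes())] = f
    return index


class CertStore:
    def __init__(self, root: Path):
        # Trusted source directories (hypothetical, modelled on the system layout).
        self.sources = [root / "usr/share/certs/trusted",
                        root / "usr/local/share/certs"]
        # Locations a blacklisted cert may live in; the last one is where
        # `blacklist` installs, as the summary describes.
        self.blacklist_dirs = [root / "usr/share/certs/blacklisted",
                               root / "usr/local/share/certs/blacklisted"]
        # Output of a rehash; rebuilt from scratch every time.
        self.trusted_out = root / "etc/ssl/certs"
        for d in self.sources + self.blacklist_dirs + [self.trusted_out]:
            d.mkdir(parents=True, exist_ok=True)

    def blacklist_index(self) -> Dict[str, Path]:
        """Hash every blacklisted cert once so rehash lookups are O(1).
        This dict plays the role of the summary's hashed tempdir."""
        merged: Dict[str, Path] = {}
        for d in self.blacklist_dirs:
            merged.update(index_dir(d))
        return merged

    def blacklist(self, cert: Path) -> Path:
        """Install a copy of `cert` into the local blacklisted directory."""
        dest = self.blacklist_dirs[-1] / cert.name
        shutil.copyfile(cert, dest)
        return dest

    def unblacklist(self, cert: Path) -> List[Path]:
        """Remove every copy of `cert` from every blacklist location, matching
        by fingerprint rather than by file name."""
        fp = fingerprint(cert.read_bytes())
        removed: List[Path] = []
        for d in self.blacklist_dirs:
            for candidate_fp, path in index_dir(d).items():
                if candidate_fp == fp:
                    path.unlink()
                    removed.append(path)
        return removed

    def rehash(self) -> List[str]:
        """Rebuild the trusted output from the sources, skipping blacklisted
        certs. The blacklist directories are never touched here, which is
        the property the old /etc/ssl/blacklisted scheme lacked."""
        blocked = self.blacklist_index()
        for old in self.trusted_out.iterdir():
            old.unlink()
        installed: List[str] = []
        for src in self.sources:
            for fp, path in index_dir(src).items():
                if fp in blocked:
                    continue
                shutil.copyfile(path, self.trusted_out / f"{fp[:8]}.pem")
                installed.append(path.name)
        return sorted(installed)


def demo() -> dict:
    """Blacklist a cert, rehash twice, unblacklist it, rehash again."""
    root = Path(tempfile.mkdtemp(prefix="certctl-toy-"))
    try:
        store = CertStore(root)
        # Constructed stand-ins for PEM certificates (not real certs).
        good = store.sources[0] / "good-ca.pem"
        bad = store.sources[1] / "compromised-ca.pem"
        good.write_bytes(b"-----BEGIN CERTIFICATE-----\nGOOD\n-----END CERTIFICATE-----\n")
        bad.write_bytes(b"-----BEGIN CERTIFICATE-----\nBAD\n-----END CERTIFICATE-----\n")
        before = store.rehash()
        store.blacklist(bad)
        store.rehash()                  # first rehash after blacklisting
        during = store.rehash()         # second rehash: still excluded
        removed = store.unblacklist(bad)
        after = store.rehash()
        return {"before": before, "blacklisted": during,
                "removed": len(removed), "after": after}
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

The second consecutive `rehash()` in `demo()` is the check that matters for this review: with the blacklist kept in its own directories and only hashed into a lookup table, a rehash cannot erase the blacklist entry it depends on.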

Diff Detail

Repository: rS FreeBSD src repository - subversion
Lint: Lint Passed
Unit: No Test Coverage
Build Status: Buildable 36055; Build 32944: arc lint + arc unit