
certctl: fix blacklist handling
Status: Needs Review (Public)

Authored by kevans on Jan 9 2021, 5:27 AM.
Details

Reviewers: michaelo
Summary

Previous versions used a bogus /etc/ssl/blacklisted setup to manage the
blacklist, which had a number of issues. Most notably, certctl blacklist
could not possibly work as the next rehash would remove it from
/etc/ssl/blacklisted if it wasn't added to one of the source directories
that generate it.

This is basically just a certctl concept anyway, since applications will
not honor it. Replace it with a tempdir that we'll hash the blacklist into
as needed (for more efficient lookups).

Additionally, add in a /usr/local/share/certs/blacklisted that
certctl blacklist will install certs into. certctl unblacklist will
search all of the paths we can have them at and remove all matching certs
that it finds.

PR: 250681

Diff Detail

Repository: rS FreeBSD src repository - subversion
Lint: Lint Passed
Unit: No Test Coverage
Build Status: Buildable 36055
Build 32944: arc lint + arc unit