Page MenuHomeFreeBSD
Differential D42276

certctl: Fix recent regressions.
ClosedPublic
Actions

Authored by des on Oct 18 2023, 2:40 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Apr 30, 1:37 PM
Unknown Object (File)
Tue, Apr 30, 1:37 PM
Unknown Object (File)
Tue, Apr 30, 1:37 PM
Unknown Object (File)
Tue, Apr 30, 7:16 AM
Unknown Object (File)
Sat, Apr 6, 12:47 PM
Unknown Object (File)
Mar 31 2024, 6:20 AM
Unknown Object (File)
Jan 5 2024, 10:33 PM
Unknown Object (File)
Dec 25 2023, 5:23 PM
View All 10 Files
Subscribers
guest-patmaddox
imp
madpilot
michaelo
netchild
tijl

Details

Reviewers
allanjude
netchild
Group Reviewers
security
Commits
rG87945a082980: certctl: Fix recent regressions.
Summary
  • If an untrusted certificate is also found in the list of trusted certificate, issue a warning and skip it, but don't fail.
  • Split on -+BEGIN CERTIFICATE-+ instead of "Certificate:" since that's what we're really looking for.

Also fix a long-standing bug: .crl files are not certificates, so we
should not include them when searching for certificates.

Reported by: madpilot, netchild, tijl

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

des created this revision.Oct 18 2023, 2:40 PM
Herald added a subscriber: imp. · View Herald TranscriptOct 18 2023, 2:40 PM
des requested review of this revision.Oct 18 2023, 2:40 PM
Harbormaster completed remote builds in B54058: Diff 129009.Oct 18 2023, 2:40 PM
netchild added inline comments.Oct 19 2023, 8:03 AM
usr.sbin/certctl/certctl.sh
116

I confirm that this change fixes the issue with poudriere and untrusted certs.

netchild accepted this revision.Oct 19 2023, 8:04 AM
This revision is now accepted and ready to land.Oct 19 2023, 8:04 AM
allanjude accepted this revision.Oct 19 2023, 4:02 PM

Reviewed-by: allanjude

guest-patmaddox added a subscriber: guest-patmaddox.Oct 19 2023, 9:42 PM
Closed by commit rG87945a082980: certctl: Fix recent regressions. (authored by des). · Explain WhyOct 20 2023, 10:30 AM
This revision was automatically updated to reflect the committed changes.
des added a commit: rG87945a082980: certctl: Fix recent regressions..
des marked an inline comment as done.Oct 20 2023, 12:58 PM
michaelo added a subscriber: michaelo.Oct 24 2023, 10:28 AM

This one failed to update the manage and has broken working setups: https://github.com/freebsd/freebsd-src/commit/87945a082980260b52507ad5bfb3a0ce773a80da

Revision Contents
Changeset List

PathSize
usr.sbin/
certctl/
11 lines

Diff 129146

View Options

usr.sbin/certctl/certctl.sh

Loading...