Page MenuHomeFreeBSD
Differential D42276

certctl: Fix recent regressions.
ClosedPublic
Actions

Authored by des on Oct 18 2023, 2:40 PM.
Tags
None
Referenced Files
F111872379: D42276.diff
Sun, Mar 9, 3:19 PM
Unknown Object (File)
Feb 5 2025, 1:53 AM
Unknown Object (File)
Feb 5 2025, 1:42 AM
Unknown Object (File)
Feb 4 2025, 10:38 PM
Unknown Object (File)
Jan 29 2025, 5:40 PM
Unknown Object (File)
Jan 28 2025, 12:42 PM
Unknown Object (File)
Nov 27 2024, 10:46 PM
Unknown Object (File)
Oct 12 2024, 2:37 PM
View All 38 Files
Subscribers
guest-patmaddox
imp
madpilot
michaelo
netchild
tijl

Details

Reviewers
allanjude
netchild
Group Reviewers
security
Commits
rG87945a082980: certctl: Fix recent regressions.
Summary
  • If an untrusted certificate is also found in the list of trusted certificate, issue a warning and skip it, but don't fail.
  • Split on -+BEGIN CERTIFICATE-+ instead of "Certificate:" since that's what we're really looking for.

Also fix a long-standing bug: .crl files are not certificates, so we
should not include them when searching for certificates.

Reported by: madpilot, netchild, tijl

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 54058
Build 50948: arc lint + arc unit

Event Timeline

des created this revision.Oct 18 2023, 2:40 PM
Herald added a subscriber: imp. · View Herald TranscriptOct 18 2023, 2:40 PM
des requested review of this revision.Oct 18 2023, 2:40 PM
Harbormaster completed remote builds in B54058: Diff 129009.Oct 18 2023, 2:40 PM
netchild added inline comments.Oct 19 2023, 8:03 AM
usr.sbin/certctl/certctl.sh
116

I confirm that this change fixes the issue with poudriere and untrusted certs.

netchild accepted this revision.Oct 19 2023, 8:04 AM
This revision is now accepted and ready to land.Oct 19 2023, 8:04 AM
allanjude accepted this revision.Oct 19 2023, 4:02 PM

Reviewed-by: allanjude

guest-patmaddox added a subscriber: guest-patmaddox.Oct 19 2023, 9:42 PM
Closed by commit rG87945a082980: certctl: Fix recent regressions. (authored by des). · Explain WhyOct 20 2023, 10:30 AM
This revision was automatically updated to reflect the committed changes.
des added a commit: rG87945a082980: certctl: Fix recent regressions..
des marked an inline comment as done.Oct 20 2023, 12:58 PM
michaelo added a subscriber: michaelo.Oct 24 2023, 10:28 AM

This one failed to update the manage and has broken working setups: https://github.com/freebsd/freebsd-src/commit/87945a082980260b52507ad5bfb3a0ce773a80da

Revision Contents
Changeset List

PathSize
usr.sbin/
certctl/
11 lines

Diff 129009

View Options

usr.sbin/certctl/certctl.sh

Loading...