FreeBSD Bugzilla – Attachment 214734 Details for
Bug 246614
certctl(8) silently overwrites certs with same subjects
[patch]
git(1) diff against base
certctl.diff (text/plain), 1.70 KB, created by
Kyle Evans
on 2020-05-21 18:37:03 UTC
Description:
git(1) diff against base
Filename:
MIME Type:
Creator:
Kyle Evans
Created:
2020-05-21 18:37:03 UTC
Size:
1.70 KB
>diff --git a/usr.sbin/certctl/certctl.sh b/usr.sbin/certctl/certctl.sh
>index 41d2cecf464..0edef6ce984 100755
>--- a/usr.sbin/certctl/certctl.sh
>+++ b/usr.sbin/certctl/certctl.sh
>@@ -59,28 +59,50 @@ do_hash()
> fi
> }
>
>+get_serial()
>+{
>+ local checkdir hash serial
>+
>+ checkdir=$1
>+ hash=$2
>+ serial=0
>+
>+ while [ -e "$CERTDESTDIR/$hash.$serial" ]; do
>+ serial=$((serial + 1))
>+ done
>+
>+ echo ${serial}
>+ return 0
>+}
>+
> create_trusted_link()
> {
> local hash
>+ local serial
>
> hash=$( do_hash "$1" ) || return
>+ # XXX Should look at $hash.[0-9] and compare
> if [ -e "$BLACKLISTDESTDIR/$hash.0" ]; then
> echo "Skipping blacklisted certificate $1 ($BLACKLISTDESTDIR/$hash.0)"
> return 1
> fi
>- [ $VERBOSE -gt 0 ] && echo "Adding $hash.0 to trust store"
>- [ $NOOP -eq 0 ] && install -lrs $(realpath "$1") "$CERTDESTDIR/$hash.0"
>+ serial=$(get_serial "$CERTDESTDIR" "$hash")
>+ [ $VERBOSE -gt 0 ] && echo "Adding $hash.$serial to trust store"
>+ [ $NOOP -eq 0 ] && \
>+ install -lrs $(realpath "$1") "$CERTDESTDIR/$hash.$serial"
> }
>
> create_blacklisted()
> {
> local hash srcfile filename
>+ local serial
>
> # If it exists as a file, we'll try that; otherwise, we'll scan
> if [ -e "$1" ]; then
> hash=$( do_hash "$1" ) || return
> srcfile=$(realpath "$1")
>- filename="$hash.0"
>+ serial=$(get_serial "$CERTDESTDIR" "$hash")
>+ filename="$hash.$serial"
> elif [ -e "${CERTDESTDIR}/$1" ]; then
> srcfile=$(realpath "${CERTDESTDIR}/$1")
> filename="$1"
>@@ -183,6 +205,7 @@ cmd_unblacklist()
> for BFILE in "$@"; do
> if [ -s "$BFILE" ]; then
> hash=$( do_hash "$BFILE" )
>+ # XXX .0?
> echo "Removing $hash.0 from blacklist"
> [ $NOOP -eq 0 ] && rm -f "$BLACKLISTDESTDIR/$hash.0"
> elif [ -e "$BLACKLISTDESTDIR/$BFILE" ]; then
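Review bot: `get_serial` stores its first argument in `checkdir` but the loop tests `"$CERTDESTDIR/$hash.$serial"`, so the directory argument is ignored and every serial is computed against the trust store. In `create_blacklisted` the blacklist file name therefore depends on what is currently in `$CERTDESTDIR`: if the certificate is already trusted as `$hash.0`, the entry would be named `$hash.1`, and the unchanged `[ -e "$BLACKLISTDESTDIR/$hash.0" ]` test in `create_trusted_link` would no longer skip that certificate. I would change the loop to `while [ -e "$checkdir/$hash.$serial" ]; do` and, assuming the entry is written under `$BLACKLISTDESTDIR` (the rest of `create_blacklisted` is outside the hunk), call `serial=$(get_serial "$BLACKLISTDESTDIR" "$hash")` there. The blacklist test itself still matches by subject hash only, as the added `# XXX` comment admits, so it can both miss a blacklisted certificate stored under a higher serial and skip an unrelated certificate that shares the hash.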
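Review bot: The removal in `cmd_unblacklist` still targets only `$hash.0`, while `create_blacklisted` in this patch can now produce `$hash.$serial` with a non-zero serial. Because `rm -f` succeeds when the file is absent, such an entry would stay in the blacklist while the script prints "Removing"; and where `$hash.0` belongs to a different certificate with the same subject hash, that other entry would be removed instead. The `# XXX .0?` marker acknowledges this without saying what is wrong; I would spell the limitation out, e.g. `# TODO: only $hash.0 is removed; entries with a higher serial are left in place`, until the code compares `$BFILE` with each `$hash.*` entry before deleting. The `for` loop starts and ends outside the hunk.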