Bug 274019

Summary: certctl(8): manual page following 05a16147fb39 (certctl: fix hashed link generation with duplicate subjects)
Product: Documentation
Component: Manual Pages
Reporter: Michael Osipov <michael.osipov>
Assignee: Michael Osipov <michaelo>
Status: Open ---
Severity: Affects Some People
Priority: ---
CC: doc, freebsd, kevans, michael.osipov, michaelo, tijl
Keywords: needs-patch
Version: Latest
Hardware: Any
OS: Any
Bug Depends on: 246614
Bug Blocks:

Description Michael Osipov 2023-09-22 08:11:14 UTC
I have discussed this once with Kyle Evans (kevans@). *.n (e.g. *.0, *.1, etc.) is OpenSSL private indexed output for certificates with the same subject hash. They are not intended to be used as input.

See also https://www.openssl.org/docs/man1.1.1/man1/rehash.html:
rehash scans directories and calculates a hash value of each .pem, .crt, .cer, or .crl file in the specified directory list ...

This extension should be (deprecated and) removed from the script.
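
Added example, not part of the bug report and not code from certctl or OpenSSL: a small sh check that separates rehash input names (the .pem, .crt, .cer, .crl extensions quoted above) from hashed-link output names, so that stray *.n files in a certificate source directory can be spotted. The function names, the lowercase 8-hex-digit link pattern with an optional "r" for CRL links, and the sample hash value used with it are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (assumption-labelled, not certctl code).
# Classifies file names in a certificate directory as rehash *input*
# (by extension) or as hashed-link *output* (HHHHHHHH.n / HHHHHHHH.rn).

# classify_name NAME -> prints "hashlink", "input" or "other"
classify_name() {
    # Assumed link form: 8 lowercase hex digits, a dot, an optional "r"
    # (CRL link), then the decimal index used for duplicate subject hashes.
    if printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{8}\.r?[0-9]+$'; then
        echo hashlink
        return 0
    fi
    case "$1" in
        # Extensions listed in the rehash documentation quoted above.
        *.pem|*.crt|*.cer|*.crl) echo input ;;
        *) echo other ;;
    esac
}

# list_hashlinks DIR -> prints the names in DIR that look like rehash output.
# In a source directory (one that is scanned, not one that rehash writes to)
# any name printed here is output that ended up where input is expected.
list_hashlinks() {
    for f in "$1"/*; do
        # Skip the unexpanded glob of an empty directory; keep dangling links.
        [ -e "$f" ] || [ -L "$f" ] || continue
        n=${f##*/}
        if [ "$(classify_name "$n")" = hashlink ]; then
            printf '%s\n' "$n"
        fi
    done
    return 0
}

# Stand-alone use: pass a directory to audit as the first argument.
if [ $# -gt 0 ]; then
    list_hashlinks "$1"
fi
```
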
Comment 1 Mina Galić freebsd_triage 2023-09-22 09:11:03 UTC
let's put kevans@ in cc then
Comment 2 Tijl Coosemans freebsd_committer freebsd_triage 2023-09-22 12:32:05 UTC
It looks like it has already been removed from the script in base 05a16147fb39.  Only the manpage still needs to be updated.
Comment 3 Michael Osipov 2023-09-22 13:51:28 UTC
(In reply to Tijl Coosemans from comment #2)

Indeed, this patch is in all stable branches, but the manpage needs an update. I am willing to provide a patch if someone would be so kind as to review and commit it.
Comment 4 Tijl Coosemans freebsd_committer freebsd_triage 2023-09-22 15:30:42 UTC
(In reply to Michael Osipov from comment #3)
The EXTENSIONS variable should be removed from the ENVIRONMENT section because there's no such variable in the script.  Perhaps the list of extensions can be mentioned as part of the description of the rehash command.
Comment 5 Michael Osipov 2023-09-22 16:06:44 UTC
(In reply to Tijl Coosemans from comment #4)

Totally right:
$ grep -e DESTDIR: -e TRUSTPATH: -e BLACKLISTPATH: -e CERTDESTDIR: -e BLACKLISTDESTDIR: -e EXTENSIONS: /usr/sbin/certctl
: ${DESTDIR:=}
: ${TRUSTPATH:=${DESTDIR}/usr/share/certs/trusted:${DESTDIR}${LOCALBASE}/share/certs:${DESTDIR}${LOCALBASE}/etc/ssl/certs}
: ${BLACKLISTPATH:=${DESTDIR}/usr/share/certs/blacklisted:${DESTDIR}${LOCALBASE}/etc/ssl/blacklisted}
: ${CERTDESTDIR:=${DESTDIR}/etc/ssl/certs}
: ${BLACKLISTDESTDIR:=${DESTDIR}/etc/ssl/blacklisted}