Bug 250682 - certctl(8)'s list command just says "GlobalSign" for five of the GlobalSign certificates
Summary: certctl(8)'s list command just says "GlobalSign" for five of the GlobalSign c...
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: conf (show other bugs)
Version: Unspecified
Hardware: Any Any
: --- Affects Only Me
Assignee: Kyle Evans
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-10-28 03:32 UTC by corvid
Modified: 2021-03-19 21:10 UTC (History)
5 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description corvid 2020-10-28 03:32:56 UTC 
This is in 12.2-RELEASE, which is not an option yet.

This is an enhancement request rather than a bug, but if there’s a way to specify enhancement request in the menus, I’m overlooking it.

It would be nice if the GlobalSign certificates were disambiguated. I realize that’s their fault for hiding the names under OU rather than CN…
Comment 1 Kyle Evans freebsd_committer freebsd_triage 2020-10-28 15:14:02 UTC 
I will need to think on this one... unfortunately I didn't actually look at the output of `certctl list` all that much when I took it over, besides just grabbing a random cert from the list to try blacklisting. I also note that some others are suboptimal:

f081611a.0      subject=C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority

This one has no commonName, so we fail and just print the entire subject. The output of `certctl -v list` gives a nice preview for what it would look like if we were to do that for all, which is also not spectacular. OTOH, it feels wrong to special-case GlobalSign.
Comment 2 Michael Osipov 2021-03-19 21:10:49 UTC 
(In reply to Kyle Evans from comment #1)

I agree on the wrong with the special case.