Re: issue: poudriere jail update fails after recent changes around certctl

From: Alexander Leidinger <Alexander_at_Leidinger.net>
Date: Sat, 14 Oct 2023 14:26:16 UTC
On 2023-10-13 17:42, Dag-Erling Smørgrav wrote:
> Alexander Leidinger <Alexander@Leidinger.net> writes:
>> some change around certctl (world from 2023-10-09) has broken the
>> poudriere jail update command. The complete install finishes, certctl
>> is run, and then there is an exit code 1. This is because I have some
>> certs listed as untrusted, and this seems to give a retval of 1 inside
>> certctl.
> 
> This only happens if a certificate is listed as both trusted and
> untrusted, and I'm pretty sure the previous version would return 1 in
> that case as well.  Can you check?

I compared /usr/share/certs/untrusted/ with /usr/share/certs/trusted/ 
and some of them match with certs in /usr/share/certs/trusted/. Nothing 
in /usr/local/etc/ssl/untrusted/, one cert (as hash) in 
/usr/local/etc/ssl/blacklisted/ which is also in 
/usr/share/certs/untrusted/.

If FreeBSD provides some certs as trusted (as part of e.g. 
installworld), and I have some of them listed in untrusted, I would not 
expect an error case, but a failsafe action of not trusting them and not 
complaining... am I doing something wrong?

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF
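
The comparison described in the message above, as an added example that is not part of the thread and is not certctl's own code: it lists every certificate present in both a trusted and an untrusted directory, matching on the SHA-256 of the decoded certificate bytes rather than on file names. The directory defaults are the ones named in the message; that every file holds PEM-encoded certificates is an assumption.

```python
import base64
import hashlib
import re
import sys
from pathlib import Path

# Directories named in the message above; adjust for other certctl paths.
TRUSTED = ["/usr/share/certs/trusted"]
UNTRUSTED = ["/usr/share/certs/untrusted", "/usr/local/etc/ssl/untrusted",
             "/usr/local/etc/ssl/blacklisted"]
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def fingerprints(directories):
    """Map SHA-256(DER) -> files holding that certificate (assumes PEM files)."""
    found = {}
    for directory in map(Path, directories):
        if not directory.is_dir():
            continue  # a missing directory simply contributes nothing
        for path in sorted(directory.iterdir()):
            if not path.is_file():  # follows symlinks such as hash links
                continue
            for body in PEM_RE.findall(path.read_bytes()):
                try:
                    der = base64.b64decode(b"".join(body.split()), validate=True)
                except ValueError:
                    continue  # damaged PEM block, not comparable
                digest = hashlib.sha256(der).hexdigest()
                found.setdefault(digest, []).append(str(path))
    return found


def conflicts(trusted_dirs, untrusted_dirs):
    """Return {fingerprint: (trusted files, untrusted files)} for overlaps."""
    trusted = fingerprints(trusted_dirs)
    untrusted = fingerprints(untrusted_dirs)
    return {fp: (trusted[fp], untrusted[fp])
            for fp in sorted(trusted.keys() & untrusted.keys())}


if __name__ == "__main__":
    overlap = conflicts(TRUSTED, UNTRUSTED)
    for fp, (t_files, u_files) in overlap.items():
        print(f"{fp}\n  trusted:   {', '.join(t_files)}\n"
              f"  untrusted: {', '.join(u_files)}")
    sys.exit(1 if overlap else 0)
```

Run inside the jail or against its root; an empty result with exit status 0 means no certificate is listed on both sides.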