From fa0e0c02694f71adeea0962d9240385e08d8d12e Mon Sep 17 00:00:00 2001
From: Kyle Evans <kevans@FreeBSD.org>
Date: Thu, 3 Oct 2019 20:05:46 +0000
Subject: [PATCH] certctl(8): realpath the file before creating the symlink

Otherwise we end up creating broken relative symlinks in
/etc/ssl/blacklisted.
---
 usr.sbin/certctl/certctl.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/usr.sbin/certctl/certctl.sh b/usr.sbin/certctl/certctl.sh
index cab9c7deeaf..1cfa68e666e 100755
--- a/usr.sbin/certctl/certctl.sh
+++ b/usr.sbin/certctl/certctl.sh
@@ -69,7 +69,7 @@ create_trusted_link()
 		return 1
 	fi
 	[ $VERBOSE -gt 0 ] && echo "Adding $hash.0 to trust store"
-	[ $NOOP -eq 0 ] && ln -fs "$1" "$CERTDESTDIR/$hash.0"
+	[ $NOOP -eq 0 ] && ln -fs $(realpath "$1") "$CERTDESTDIR/$hash.0"
 }
 
 create_blacklisted()
@@ -78,7 +78,7 @@ create_blacklisted()
 
 	hash=$( do_hash "$1" ) || return
 	[ $VERBOSE -gt 0 ] && echo "Adding $hash.0 to blacklist"
-	[ $NOOP -eq 0 ] && ln -fs "$1" "$BLACKLISTDESTDIR/$hash.0"
+	[ $NOOP -eq 0 ] && ln -fs $(realpath "$1") "$BLACKLISTDESTDIR/$hash.0"
 }
 
 do_scan()