opnsense-src/usr.sbin/certctl
Dag-Erling Smørgrav fb33dd91ae certctl: Split certificate bundles before processing.
This allows 'certctl rehash' to do the right thing when ca_root_nss is
installed, instead of linking the entire bundle to the hash of the
first certificate it contains.

MFC after:	3 days
Reviewed by:	allanjude
Differential Revision:	https://reviews.freebsd.org/D42087

(cherry picked from commit a401c8cb26)

certctl: Fix recent regressions.

- If an untrusted certificate is also found in the list of trusted
  certificates, issue a warning and skip it, but don't fail.
- Split on -+BEGIN CERTIFICATE-+ instead of "Certificate:" since
  that's what we're really looking for.

Also fix a long-standing bug: .crl files are not certificates, so we
should not include them when searching for certificates.

Reported by:	madpilot, netchild, tijl
Reviewed by:	netchild, allanjude
Differential Revision:	https://reviews.freebsd.org/D42276

(cherry picked from commit 87945a0829)

certctl: Convert line endings before inspecting files.

This ensures that certificate files or bundles with DOS or Mac line
endings are recognized as such and handled identically to those with
Unix line endings.

PR:		274952
Reviewed by:	allanjude
Differential Revision:	https://reviews.freebsd.org/D42490

(cherry picked from commit f7d16a627e)

certctl: Revert to symlinks.

Unfortunately tar will not be able to extract base.txz to a system where
/etc and /usr are not on the same filesystem if the certificates are
hard links.

PR:		277828
Reviewed by:	mp
Differential Revision:	https://reviews.freebsd.org/D44496

(cherry picked from commit 3fed4f0db5)
(cherry picked from commit 9c34a6876a60dc10fda6ad6a0cbe8f99a372aadc)

Approved by:	re (cperciva)
2025-05-30 17:59:32 +02:00
certctl.8 Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
certctl.sh certctl: Split certificate bundles before processing. 2025-05-30 17:59:32 +02:00
Makefile Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00