- 06 Jan, 2023 6 commits
-
-
Kevin Daudt authored
-
Kevin Daudt authored
-
Kevin Daudt authored
Modify c_rehash to ignore the /etc/ssl/certs/certs/ca-certificates.crt file when created hash softlinks in the /etc/ssl/certs/ directory. There are 3 reasons for this: (1) normally whenever "update-ca-certificates" is run (whether by a script/trigger or by an end-user) a warning will appear: ``` WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping ``` which is annoying but not problematic, however (2) in some circumstances such as where that file only contains a single certificate, i.e. where you disable *all* the system certificates and only use your own "local" CA file, then c_rehash may wrongly create a softlink to the ca-certificates.crt file rather than to the correct CA file if c_rehash finds the ca-certificates.crt file first in the /etc/ssl/certs/ directory. In the "single CA cert" situation if however c_rehash finds the correct (single CA) file first then (3) when it does find the ca-certificates.crt file it will generate the following warning: ``` WARNING: Skipping duplicate certificate in file ca-certificates.crt ``` The changes in this MR prevent all 3 scenarios from occurring. Remove the blacklist.txt file - this has not been updated since it was added to the repo 5+ years ago. Also this file is not used for any purpose - it was previously used/read by the certdata2pem.py Python script but that was replaced by by the mk-ca-bundle.pl Perl script which makes no use of blacklist.txt. Correct update-ca-certificates manpage - this was copied from Debian, however the Alpine program does NOT support any cli options, so remove these from the manpage. Fixes #2. Closes #2 See merge request !5
-
Dermot Bradley authored
Correct update-ca-certificates manpage - this was copied from Debian, however the Alpine program does NOT support any cli options, so remove these from the manpage.
-
Dermot Bradley authored
Remove the blacklist.txt file - this has not been updated since it was added to the repo 5+ years ago. Also this file is not used for any purpose - it was previously used/read by the certdata2pem.py Python script but that was replaced by by the mk-ca-bundle.pl Perl script which makes no use of blacklist.txt.
-
Dermot Bradley authored
Modify c_rehash to ignore the /etc/ssl/certs/certs/ca-certificates.crt file when created hash softlinks in the /etc/ssl/certs/ directory. There are 3 reasons for this: (1) normally whenever "update-ca-certificates" is run (whether by a script/trigger or by an end-user) a warning will appear: WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping which is annoying but not problematic, however (2) in some circumstances such as where that file only contains a single certificate, i.e. where you disable *all* the system certificates and only use your own "local" CA file, then c_rehash may wrongly create a softlink to the ca-certificates.crt file rather than to the correct CA file if c_rehash finds the ca-certificates.crt file first in the /etc/ssl/certs/ directory and it will generate a warning when it then finds the actual certificate file: WARNING: Skipping duplicate certificate in file ca-cert-cloud-init-ca-cert-01.crt In the "single CA cert" situation if however c_rehash finds the correct (single CA) file first then (3) when it does find the ca-certificates.crt file it will generate the following warning: WARNING: Skipping duplicate certificate in file ca-certificates.crt The changes in this MR prevent all 3 scenarios from occurring. Fixes #2.
-
- 16 Dec, 2022 1 commit
-
-
Kevin Daudt authored
NSS_3_86_BETA1 Fixes: aports#14463 Closes aports#14463 See merge request !4
-
- 15 Dec, 2022 1 commit
-
-
Kevin Daudt authored
NSS_3_86_BETA1 Fixes: aports#14463
-
- 29 Jul, 2022 2 commits
-
-
Kevin Daudt authored
-
Kevin Daudt authored
-
- 11 Jan, 2022 2 commits
-
-
Kevin Daudt authored
-
Kevin Daudt authored
See merge request !2
-
- 20 Dec, 2021 1 commit
-
-
Simon F authored
-
- 06 Feb, 2020 1 commit
-
-
Natanael Copa authored
remove left over function
-
- 05 Feb, 2020 3 commits
-
-
Natanael Copa authored
There may be certificates that lack a trailing newline, which is allowed in the certificate format. We work around that by inject a newline after each cert. see aports#8379
-
Natanael Copa authored
we need ca-certificates when bootstrapping new architectures. Avoid use of python to reduce number of dependencies when bootstrapping. So use mk-ca-bundle.pl script from curl, and add a small shell script that splits the bundle to separate .crt files, similar way that the python script did.
-
Natanael Copa authored
-
- 18 Dec, 2019 1 commit
-
-
Natanael Copa authored
-
- 08 Jan, 2019 2 commits
-
-
Natanael Copa authored
-
Natanael Copa authored
-
- 24 Sep, 2018 2 commits
-
-
Natanael Copa authored
musl removed SYMLINK_MAX define[1]. Use PATH_MAX instead for symlink target. [1]: http://git.musl-libc.org/cgit/musl/commit/?id=767f7a1091af3a3dcee2f7a49d0713359a81961c
-
Natanael Copa authored
-
- 14 Nov, 2017 2 commits
-
-
Ariadne Conill authored
-
Ariadne Conill authored
-
- 02 Aug, 2017 3 commits
-
-
Ariadne Conill authored
-
Ariadne Conill authored
-
Ariadne Conill authored
-
- 31 Jul, 2017 1 commit
-
-
Ariadne Conill authored
-