* [gentoo-user] openssl WARNING: Skipping duplicate file cert_igca_rsa.pem
@ 2011-09-09 0:51 Grant
2011-09-10 16:54 ` [gentoo-user] " walt
0 siblings, 1 reply; 4+ messages in thread
From: Grant @ 2011-09-09 0:51 UTC (permalink / raw
To: Gentoo mailing list
I just noticed this at the end of my openssl emerge:
* Running 'c_rehash /etc/ssl/certs/' to rebuild hashes #333069 ...
WARNING: Skipping duplicate file cert_igca_rsa.pem [ ok ]
>>> dev-libs/openssl-1.0.0e merged.
Since SSL is so critical I thought I should run it by you guys. Is
this something I should fix? I get:
# updatedb && locate cert_igca_rsa.pem
/old-backup-dir/etc/ssl/certs/cert_igca_rsa.pem
/etc/ssl/certs/cert_igca_rsa.pem
- Grant
^ permalink raw reply [flat|nested] 4+ messages in thread
* [gentoo-user] Re: openssl WARNING: Skipping duplicate file cert_igca_rsa.pem
2011-09-09 0:51 [gentoo-user] openssl WARNING: Skipping duplicate file cert_igca_rsa.pem Grant
@ 2011-09-10 16:54 ` walt
2011-09-10 17:31 ` Grant
0 siblings, 1 reply; 4+ messages in thread
From: walt @ 2011-09-10 16:54 UTC (permalink / raw
To: gentoo-user
On 09/08/2011 05:51 PM, Grant wrote:
> I just noticed this at the end of my openssl emerge:
>
> * Running 'c_rehash /etc/ssl/certs/' to rebuild hashes #333069 ...
> WARNING: Skipping duplicate file cert_igca_rsa.pem [ ok ]
>>>> dev-libs/openssl-1.0.0e merged.
>
> Since SSL is so critical I thought I should run it by you guys. Is
> this something I should fix? I get:
>
> # updatedb && locate cert_igca_rsa.pem
> /old-backup-dir/etc/ssl/certs/cert_igca_rsa.pem
> /etc/ssl/certs/cert_igca_rsa.pem
I notice I have these two symlinks in /etc/ssl/certs:
lrwxrwxrwx 1 root root 9 Sep 7 05:23 3ee7e181.0 -> IGC_A.pem
lrwxrwxrwx 1 root root 17 Sep 7 05:23 3ee7e181.1 -> cert_igca_dsa.pem
After a bit of poking around I see that the ca-certificates package
installs one cert under two different names:
/usr/share/ca-certificates/gouv.fr/cert_igca_rsa.crt
/usr/share/ca-certificates/mozilla/IGC_A.crt
I don't know where the 3ee7e181 symlinks get their names, but I notice
that the duplicate cert is actually the cert_igca_rsa.crt, not the dsa
cert. That's a bit confusing, but at least it led me to the answer.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [gentoo-user] Re: openssl WARNING: Skipping duplicate file cert_igca_rsa.pem
2011-09-10 16:54 ` [gentoo-user] " walt
@ 2011-09-10 17:31 ` Grant
2011-09-10 22:56 ` walt
0 siblings, 1 reply; 4+ messages in thread
From: Grant @ 2011-09-10 17:31 UTC (permalink / raw
To: gentoo-user
>> I just noticed this at the end of my openssl emerge:
>>
>> * Running 'c_rehash /etc/ssl/certs/' to rebuild hashes #333069 ...
>> WARNING: Skipping duplicate file cert_igca_rsa.pem [ ok ]
>>>>> dev-libs/openssl-1.0.0e merged.
>>
>> Since SSL is so critical I thought I should run it by you guys. Is
>> this something I should fix? I get:
>>
>> # updatedb && locate cert_igca_rsa.pem
>> /old-backup-dir/etc/ssl/certs/cert_igca_rsa.pem
>> /etc/ssl/certs/cert_igca_rsa.pem
>
> I notice I have these two symlinks in /etc/ssl/certs:
>
> lrwxrwxrwx 1 root root 9 Sep 7 05:23 3ee7e181.0 -> IGC_A.pem
> lrwxrwxrwx 1 root root 17 Sep 7 05:23 3ee7e181.1 -> cert_igca_dsa.pem
>
> After a bit of poking around I see that the ca-certificates package
> installs one cert under two different names:
>
> /usr/share/ca-certificates/gouv.fr/cert_igca_rsa.crt
> /usr/share/ca-certificates/mozilla/IGC_A.crt
>
> I don't know where the 3ee7e181 symlinks get their names, but I notice
> that the duplicate cert is actually the cert_igca_rsa.crt, not the dsa
> cert. That's a bit confusing, but at least it led me to the answer.
Nice sleuthing! I can't say I completely understand, but everything
is OK as-is?
- Grant
^ permalink raw reply [flat|nested] 4+ messages in thread
* [gentoo-user] Re: openssl WARNING: Skipping duplicate file cert_igca_rsa.pem
2011-09-10 17:31 ` Grant
@ 2011-09-10 22:56 ` walt
0 siblings, 0 replies; 4+ messages in thread
From: walt @ 2011-09-10 22:56 UTC (permalink / raw
To: gentoo-user
On 09/10/2011 10:31 AM, Grant wrote:
>>> I just noticed this at the end of my openssl emerge:
>>>
>>> * Running 'c_rehash /etc/ssl/certs/' to rebuild hashes #333069 ...
>>> WARNING: Skipping duplicate file cert_igca_rsa.pem [ ok ]
>>>>>> dev-libs/openssl-1.0.0e merged.
>>>
>>> Since SSL is so critical I thought I should run it by you guys. Is
>>> this something I should fix? I get:
>>>
>>> # updatedb && locate cert_igca_rsa.pem
>>> /old-backup-dir/etc/ssl/certs/cert_igca_rsa.pem
>>> /etc/ssl/certs/cert_igca_rsa.pem
>>
>> I notice I have these two symlinks in /etc/ssl/certs:
>>
>> lrwxrwxrwx 1 root root 9 Sep 7 05:23 3ee7e181.0 -> IGC_A.pem
>> lrwxrwxrwx 1 root root 17 Sep 7 05:23 3ee7e181.1 -> cert_igca_dsa.pem
>>
>> After a bit of poking around I see that the ca-certificates package
>> installs one cert under two different names:
>>
>> /usr/share/ca-certificates/gouv.fr/cert_igca_rsa.crt
>> /usr/share/ca-certificates/mozilla/IGC_A.crt
>>
>> I don't know where the 3ee7e181 symlinks get their names, but I notice
>> that the duplicate cert is actually the cert_igca_rsa.crt, not the dsa
>> cert. That's a bit confusing, but at least it led me to the answer.
>
> Nice sleuthing! I can't say I completely understand, but everything
> is OK as-is?
I don't see how it could be exploited -- but that's not much comfort
for either of us ;)
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2011-09-10 22:58 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-09-09 0:51 [gentoo-user] openssl WARNING: Skipping duplicate file cert_igca_rsa.pem Grant
2011-09-10 16:54 ` [gentoo-user] " walt
2011-09-10 17:31 ` Grant
2011-09-10 22:56 ` walt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox