From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1R2WV5-0005nG-VC for garchives@archives.gentoo.org; Sat, 10 Sep 2011 22:58:16 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 6677721C1BD; Sat, 10 Sep 2011 22:58:06 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id B4EC921C12E for ; Sat, 10 Sep 2011 22:56:36 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp.gentoo.org (Postfix) with ESMTP id 102A01B4001 for ; Sat, 10 Sep 2011 22:56:36 +0000 (UTC) X-Virus-Scanned: by amavisd-new using ClamAV at gentoo.org X-Spam-Score: -5.011 X-Spam-Level: X-Spam-Status: No, score=-5.011 required=5.5 tests=[AWL=1.588, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4] Received: from smtp.gentoo.org ([127.0.0.1]) by localhost (smtp.gentoo.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9hsnW4N4DlIQ for ; Sat, 10 Sep 2011 22:56:28 +0000 (UTC) Received: from lo.gmane.org (lo.gmane.org [80.91.229.12]) by smtp.gentoo.org (Postfix) with ESMTP id 822A51B4004 for ; Sat, 10 Sep 2011 22:56:26 +0000 (UTC) Received: from list by lo.gmane.org with local (Exim 4.69) (envelope-from ) id 1R2WTI-0004fb-7B for gentoo-user@gentoo.org; Sun, 11 Sep 2011 00:56:24 +0200 Received: from adsl-69-234-176-158.dsl.irvnca.pacbell.net ([69.234.176.158]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sun, 11 Sep 2011 00:56:24 +0200 Received: from w41ter by adsl-69-234-176-158.dsl.irvnca.pacbell.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sun, 11 Sep 2011 00:56:24 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: gentoo-user@lists.gentoo.org From: walt Subject: [gentoo-user] Re: openssl WARNING: Skipping duplicate file cert_igca_rsa.pem Date: Sat, 10 Sep 2011 15:56:11 -0700 Message-ID: References: Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@dough.gmane.org X-Gmane-NNTP-Posting-Host: adsl-69-234-176-158.dsl.irvnca.pacbell.net User-Agent: Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20110831 Thunderbird/6.0 In-Reply-To: X-Archives-Salt: X-Archives-Hash: 34663810928d87311ede1429dcaf5dff On 09/10/2011 10:31 AM, Grant wrote: >>> I just noticed this at the end of my openssl emerge: >>> >>> * Running 'c_rehash /etc/ssl/certs/' to rebuild hashes #333069 ... >>> WARNING: Skipping duplicate file cert_igca_rsa.pem [ ok ] >>>>>> dev-libs/openssl-1.0.0e merged. >>> >>> Since SSL is so critical I thought I should run it by you guys. Is >>> this something I should fix? I get: >>> >>> # updatedb && locate cert_igca_rsa.pem >>> /old-backup-dir/etc/ssl/certs/cert_igca_rsa.pem >>> /etc/ssl/certs/cert_igca_rsa.pem >> >> I notice I have these two symlinks in /etc/ssl/certs: >> >> lrwxrwxrwx 1 root root 9 Sep 7 05:23 3ee7e181.0 -> IGC_A.pem >> lrwxrwxrwx 1 root root 17 Sep 7 05:23 3ee7e181.1 -> cert_igca_dsa.pem >> >> After a bit of poking around I see that the ca-certificates package >> installs one cert under two different names: >> >> /usr/share/ca-certificates/gouv.fr/cert_igca_rsa.crt >> /usr/share/ca-certificates/mozilla/IGC_A.crt >> >> I don't know where the 3ee7e181 symlinks get their names, but I notice >> that the duplicate cert is actually the cert_igca_rsa.crt, not the dsa >> cert. That's a bit confusing, but at least it led me to the answer. > > Nice sleuthing! I can't say I completely understand, but everything > is OK as-is? I don't see how it could be exploited -- but that's not much comfort for either of us ;)