[gentoo-user] Re: openssl WARNING: Skipping duplicate file cert_igca_rsa.pem
On 09/08/2011 05:51 PM, Grant wrote: I just noticed this at the end of my openssl emerge: * Running 'c_rehash /etc/ssl/certs/' to rebuild hashes #333069 ... WARNING: Skipping duplicate file cert_igca_rsa.pem [ ok ] dev-libs/openssl-1.0.0e merged. Since SSL is so critical I thought I should run it by you guys. Is this something I should fix? I get: # updatedb locate cert_igca_rsa.pem /old-backup-dir/etc/ssl/certs/cert_igca_rsa.pem /etc/ssl/certs/cert_igca_rsa.pem I notice I have these two symlinks in /etc/ssl/certs: lrwxrwxrwx 1 root root 9 Sep 7 05:23 3ee7e181.0 - IGC_A.pem lrwxrwxrwx 1 root root 17 Sep 7 05:23 3ee7e181.1 - cert_igca_dsa.pem After a bit of poking around I see that the ca-certificates package installs one cert under two different names: /usr/share/ca-certificates/gouv.fr/cert_igca_rsa.crt /usr/share/ca-certificates/mozilla/IGC_A.crt I don't know where the 3ee7e181 symlinks get their names, but I notice that the duplicate cert is actually the cert_igca_rsa.crt, not the dsa cert. That's a bit confusing, but at least it led me to the answer.
Re: [gentoo-user] Re: openssl WARNING: Skipping duplicate file cert_igca_rsa.pem
I just noticed this at the end of my openssl emerge: * Running 'c_rehash /etc/ssl/certs/' to rebuild hashes #333069 ... WARNING: Skipping duplicate file cert_igca_rsa.pem [ ok ] dev-libs/openssl-1.0.0e merged. Since SSL is so critical I thought I should run it by you guys. Is this something I should fix? I get: # updatedb locate cert_igca_rsa.pem /old-backup-dir/etc/ssl/certs/cert_igca_rsa.pem /etc/ssl/certs/cert_igca_rsa.pem I notice I have these two symlinks in /etc/ssl/certs: lrwxrwxrwx 1 root root 9 Sep 7 05:23 3ee7e181.0 - IGC_A.pem lrwxrwxrwx 1 root root 17 Sep 7 05:23 3ee7e181.1 - cert_igca_dsa.pem After a bit of poking around I see that the ca-certificates package installs one cert under two different names: /usr/share/ca-certificates/gouv.fr/cert_igca_rsa.crt /usr/share/ca-certificates/mozilla/IGC_A.crt I don't know where the 3ee7e181 symlinks get their names, but I notice that the duplicate cert is actually the cert_igca_rsa.crt, not the dsa cert. That's a bit confusing, but at least it led me to the answer. Nice sleuthing! I can't say I completely understand, but everything is OK as-is? - Grant
[gentoo-user] Re: openssl WARNING: Skipping duplicate file cert_igca_rsa.pem
On 09/10/2011 10:31 AM, Grant wrote: I just noticed this at the end of my openssl emerge: * Running 'c_rehash /etc/ssl/certs/' to rebuild hashes #333069 ... WARNING: Skipping duplicate file cert_igca_rsa.pem [ ok ] dev-libs/openssl-1.0.0e merged. Since SSL is so critical I thought I should run it by you guys. Is this something I should fix? I get: # updatedb locate cert_igca_rsa.pem /old-backup-dir/etc/ssl/certs/cert_igca_rsa.pem /etc/ssl/certs/cert_igca_rsa.pem I notice I have these two symlinks in /etc/ssl/certs: lrwxrwxrwx 1 root root 9 Sep 7 05:23 3ee7e181.0 - IGC_A.pem lrwxrwxrwx 1 root root 17 Sep 7 05:23 3ee7e181.1 - cert_igca_dsa.pem After a bit of poking around I see that the ca-certificates package installs one cert under two different names: /usr/share/ca-certificates/gouv.fr/cert_igca_rsa.crt /usr/share/ca-certificates/mozilla/IGC_A.crt I don't know where the 3ee7e181 symlinks get their names, but I notice that the duplicate cert is actually the cert_igca_rsa.crt, not the dsa cert. That's a bit confusing, but at least it led me to the answer. Nice sleuthing! I can't say I completely understand, but everything is OK as-is? I don't see how it could be exploited -- but that's not much comfort for either of us ;)