On 09/10/2011 10:31 AM, Grant wrote:
>>> I just noticed this at the end of my openssl emerge:
>>> * Running 'c_rehash /etc/ssl/certs/' to rebuild hashes #333069 ...
>>> WARNING: Skipping duplicate file cert_igca_rsa.pem [ ok ]
>>>>>> dev-libs/openssl-1.0.0e merged.
>>> Since SSL is so critical I thought I should run it by you guys. Is
>>> this something I should fix? I get:
>>> # updatedb && locate cert_igca_rsa.pem
>> I notice I have these two symlinks in /etc/ssl/certs:
>> lrwxrwxrwx 1 root root 9 Sep 7 05:23 3ee7e181.0 -> IGC_A.pem
>> lrwxrwxrwx 1 root root 17 Sep 7 05:23 3ee7e181.1 -> cert_igca_dsa.pem
>> After a bit of poking around I see that the ca-certificates package
>> installs one cert under two different names:
>> I don't know where the 3ee7e181 symlinks get their names, but I notice
>> that the duplicate cert is actually the cert_igca_rsa.crt, not the dsa
>> cert. That's a bit confusing, but at least it led me to the answer.
> Nice sleuthing! I can't say I completely understand, but everything
> is OK as-is?
I don't see how it could be exploited -- but that's not much comfort
for either of us