Gentoo Archives: gentoo-user

From: walt <w41ter@×××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Re: openssl WARNING: Skipping duplicate file cert_igca_rsa.pem
Date: Sat, 10 Sep 2011 22:58:16
Message-Id: j4gpub$v6q$1@dough.gmane.org
In Reply to: Re: [gentoo-user] Re: openssl WARNING: Skipping duplicate file cert_igca_rsa.pem by Grant
1 On 09/10/2011 10:31 AM, Grant wrote:
2 >>> I just noticed this at the end of my openssl emerge:
3 >>>
4 >>> * Running 'c_rehash /etc/ssl/certs/' to rebuild hashes #333069 ...
5 >>> WARNING: Skipping duplicate file cert_igca_rsa.pem [ ok ]
6 >>>>>> dev-libs/openssl-1.0.0e merged.
7 >>>
8 >>> Since SSL is so critical I thought I should run it by you guys. Is
9 >>> this something I should fix? I get:
10 >>>
11 >>> # updatedb && locate cert_igca_rsa.pem
12 >>> /old-backup-dir/etc/ssl/certs/cert_igca_rsa.pem
13 >>> /etc/ssl/certs/cert_igca_rsa.pem
14 >>
15 >> I notice I have these two symlinks in /etc/ssl/certs:
16 >>
17 >> lrwxrwxrwx 1 root root 9 Sep 7 05:23 3ee7e181.0 -> IGC_A.pem
18 >> lrwxrwxrwx 1 root root 17 Sep 7 05:23 3ee7e181.1 -> cert_igca_dsa.pem
19 >>
20 >> After a bit of poking around I see that the ca-certificates package
21 >> installs one cert under two different names:
22 >>
23 >> /usr/share/ca-certificates/gouv.fr/cert_igca_rsa.crt
24 >> /usr/share/ca-certificates/mozilla/IGC_A.crt
25 >>
26 >> I don't know where the 3ee7e181 symlinks get their names, but I notice
27 >> that the duplicate cert is actually the cert_igca_rsa.crt, not the dsa
28 >> cert. That's a bit confusing, but at least it led me to the answer.
29 >
30 > Nice sleuthing! I can't say I completely understand, but everything
31 > is OK as-is?
32
33 I don't see how it could be exploited -- but that's not much comfort
34 for either of us ;)