--- aegis-certman-common-ca.postinst.old 2012-05-08 06:26:05.000000000 -0500
+++ aegis-certman-common-ca.postinst 2020-06-30 21:16:56.040808550 -0500
@@ -1,12 +1,11 @@
 #!/bin/sh -e
 if [ "$1" = "configure" ]; then
+ for deletename in /var/lib/aegis/certs/common-ca/*.pem; do
+ acmcli -C aegis-certman-common-ca::CertCACommonAdd \
+ -lc common-ca -r `echo $deletename | sed "s/.*\/\([-0123456789abcdef]*\).*/\\1/"`
+ done;
 acmcli -C aegis-certman-common-ca::CertCACommonAdd -lc common-ca\
 -a /usr/share/aegis-certman-common-ca/*.pem
- # Remove DigiNotar CA if still in store
- if [ -f /var/lib/aegis/certs/common-ca/8868bfe08e35c43b386b62f7283b8481c80cd74d.pem ] ; then
- acmcli -C aegis-certman-common-ca::CertCACommonAdd -lc common-ca\
- -r 8868bfe08e35c43b386b62f7283b8481c80cd74d
- fi
 chmod 0777 /var/lib/aegis/certs
 if [ ! -e /usr/lib/ssl/certs ]
 then
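Review bot: The added `for deletename in ...` loop still runs its `acmcli ... -r` call when the glob matches nothing, because an unmatched `/var/lib/aegis/certs/common-ca/*.pem` stays a literal string and the `sed` expression then produces an empty ID. Under `#!/bin/sh -e` a non-zero exit from that call would abort the script before the `-a` step; how acmcli reacts to a missing ID is not visible here. Adding `[ -e "$deletename" ] || continue` as the first line of the loop body and using `basename "$deletename" .pem` in place of the unquoted `echo $deletename | sed ...` would make the extraction exact. The loop also empties the whole common-ca store before the bundle is re-added, so a failure between the two steps leaves no trusted roots and any CA placed there outside this package is dropped. A comment saying that wholesale replacement is intended, and that it is now what removes the DigiNotar entry (provided the shipped bundle no longer contains it), would record that decision.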
--- certman_main.cpp.old 2012-05-08 06:26:05.000000000 -0500 +++ certman_main.cpp 2020-07-21 21:14:32.432448891 -0500 @@ -436,13 +436,13 @@ #define MAX_TRIES 100 void -make_hash_filename(X509* of_cert, storage* pstore, const char* to_certfile, string &result) +make_hash_filename(X509* of_cert, storage* pstore, const char* to_certfile, string &result, string &result_old) { X509* lcert = of_cert; char hash_file_name[32]; string full_name; - long hash; - int i; + long hash[2]; // changed to [0] for new, [1] for old + int i, j; // added counter j AEGIS_DEBUG(1, "%s: make hash to '%s'", __func__, to_certfile); if (NULL == lcert) { @@ -453,12 +453,18 @@ return; } } - hash = X509_subject_name_hash(lcert); + + // changed to array, now getting old hash as well + hash[0] = X509_subject_name_hash(lcert); + hash[1] = X509_subject_name_hash_old(lcert); + if (of_cert != lcert) X509_free(lcert); + + for (j = 0; j < 2; j++) { for (i = 0; i < MAX_TRIES; i++) { - snprintf(hash_file_name, sizeof(hash_file_name), "%08lx.%d", hash, i); + snprintf(hash_file_name, sizeof(hash_file_name), "%08lx.%d", hash[j], i); if (!pstore->contains_link(hash_file_name)) break; } @@ -466,7 +472,10 @@ AEGIS_ERROR("%s: %d colliding hash files for '%s'?", __func__, i, to_certfile); } else { - result.assign(hash_file_name); + if (j) result_old.assign(hash_file_name); + else result.assign(hash_file_name); + } + } } @@ -967,14 +976,17 @@ rc = errno; if (0 == rc) { - string hash_name; + string hash_name, hash_name_old; make_hash_filename(cert, mydomain->index, filename.c_str(), - hash_name); + hash_name, hash_name_old); if (!mydomain->index->contains_file(filename.c_str())) { mydomain->index->add_file(filename.c_str()); if ("" != hash_name) mydomain->index->add_link(hash_name.c_str(), filename.c_str()); + if ("" != hash_name_old) + mydomain->index->add_link(hash_name_old.c_str(), + filename.c_str()); if (do_commit) { if (!mydomain->index->commit()) { AEGIS_DEBUG(1, "%s: add of '%s' failed (%s)", __func__,
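Review bot: `long hash[2]` holds values that `X509_subject_name_hash` and `X509_subject_name_hash_old` return as `unsigned long`, and the later `%08lx` conversion expects an unsigned argument; `unsigned long hash[2];` matches both. The trailing comments `changed to [0] for new, [1] for old` and `added counter j` narrate the edit rather than the code; `// hash[0]: current subject-name hash, hash[1]: legacy subject-name hash` would age better. The new `result_old` out-parameter has no header comment saying that it, like `result`, is left untouched on the early return and when all MAX_TRIES names are taken, which callers rely on when they test for an empty string. The function body continues outside this hunk, and any callers other than the one in the last hunk are not visible here.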
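Review bot: The unconditional `hash[1] = X509_subject_name_hash_old(lcert);` ties the build to an OpenSSL with MD5 compiled in, since the headers declare that function only when `OPENSSL_NO_MD5` is not defined; guarding the assignment and the second pass of the `for (j = 0; j < 2; j++)` loop with `#ifndef OPENSSL_NO_MD5` keeps other configurations building. A comment above the loop should say why two names are produced (presumably so that clients using either hash scheme can find the certificate in the hashed directory) and that the MD5-based value is only a lookup key, not an integrity check. In the unlikely case that `hash[0] == hash[1]`, both passes pick the same free name because no link has been added yet; `if (j == 1 && hash[1] == hash[0]) break;` at the top of the outer loop would avoid the duplicate. The loop body continues into the next hunk.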
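Review bot: The new `add_link(hash_name_old.c_str(), filename.c_str())` call sits inside the `!contains_file` branch, so a certificate that is already indexed never gains its legacy-hash name. The remove-and-re-add loop in the postinst appears to compensate for that, and a comment here stating the dependency would stop the two files drifting apart. The removal path is outside this diff; confirm that it drops both links for a certificate, otherwise a removed CA leaves a stale hash-named link in the store directory. If only one of `hash_name` and `hash_name_old` comes back non-empty, the certificate is added with a single link and nothing is logged at this call site. `if (!hash_name_old.empty())` reads more directly than `"" != hash_name_old`, though the latter matches the existing line above it.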