This repository was archived by the owner on Aug 7, 2025. It is now read-only.
This repository was archived by the owner on Aug 7, 2025. It is now read-only.
clrtrust should not allow invalid certificates in /usr/share/ca-certs #10
Description
clearlinux/distribution#3 reports an issue that clrtrust (by running openssl x509) fails to validate any of the certificates installed in /usr/share/ca-certs/trusted.
Currently, clrtrust allows invalid certificates in /usr/share/ca-certs/trusted. It should, instead, fail if any certificate in /usr/share/ca-certs/trusted cannot be loaded by openssl. The reason to fail is the following: 1. in Clear Linux /usr is immutable and should not be modified and 2. Clear Linux never ships an invalid certificate.