From: hallvard.ystad@babelserver.org   
      
   This is a multi-part message in MIME format.   
   Package: ca-certificates   
   Version: 20240203   
   Severity: important   
   Tags: patch   
      
   update-ca-certificates calls `openssl rehash` (sbin/update-ca-certificates,   
   line 192), but LibreSSL does not implement the `rehash` subcommand — it   
   provides `certhash` instead.   
      
   Because the script runs under `#!/bin/sh -e`, the failing `openssl rehash`   
   causes the script to exit immediately, before the CA bundle file   
   (ca-certificates.crt) is written.  This leaves /etc/ssl/certs in a broken   
   state: certificate symlinks may have been updated, but the bundle that many   
   applications depend on is never generated.   
      
   The attached patch detects LibreSSL at startup via `openssl version` output   
   and stores the appropriate subcommand in a shell variable ($REHASH_CMD).   
   The POSIX `case` construct is used to avoid introducing bashisms, since the   
   script uses `#!/bin/sh`.   
      
   The patch applies cleanly against current ca-certificates master   
   (ba3830faf6, "Upload to unstable").   
      
   Upstream LibreSSL issue:   
      https://github.com/libressl/portable/issues/1136   
      
   --   
   Hallvard Ystad   
      
   --   
   Theme song:   
   https://open.spotify.com/track/2vxbGmEBilnrByHy12mNKU?si=xfFeZd3MR-uZ6cZY9EPPXw   
   [SoupGate killed MIME-encoded file 0001-Use-openssl-certhash-ins   
   ead-of-openssl-rehash-on-Li.patch (2075 bytes)]   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)