From: julien@cristau.org   
      
   Control: severity -1 wishlist   
      
   On 2/23/26 15:43, Hallvard Ystad wrote:   
   > update-ca-certificates calls `openssl rehash`   
   > (sbin/update-ca-certificates,   
   > line 192), but LibreSSL does not implement the `rehash` subcommand — it   
   > provides `certhash` instead.   
   >   
   > Because the script runs under `#!/bin/sh -e`, the failing `openssl   
   > rehash`   
   > causes the script to exit immediately, before the CA bundle file   
   > (ca-certificates.crt) is written.  This leaves /etc/ssl/certs in a broken   
   > state: certificate symlinks may have been updated, but the bundle that   
   > many   
   > applications depend on is never generated.   
   >   
   > The attached patch detects LibreSSL at startup via `openssl version`   
   > output   
   > and stores the appropriate subcommand in a shell variable ($REHASH_CMD).   
   > The POSIX `case` construct is used to avoid introducing bashisms,   
   > since the   
   > script uses `#!/bin/sh`.   
   I'm not convinced this is something we want/need to support...   
      
   Cheers,   
   Julien   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)