This repository was archived by the owner on Aug 7, 2025. It is now read-only.

return different codes for processing error and general errors #17

@mrkz


Using the following test.sh script, it can be noticed that the return code for a processing error (trying to add duplicate and non-duplicate certs) is the same as the return code when no new certs are added at all.

This is an issue, as the user is unable to automate cert handling and notice when a cert was added or when it was not just by using the return code status.


#!/usr/bin/bash
# test.sh

# generate test certs
openssl req -x509 -newkey rsa:4096 -keyout sub1.key.pem -out sub1.cert.pem -days 365 -nodes -subj "/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=www.sub1.example.com"
openssl req -x509 -newkey rsa:4096 -keyout sub2.key.pem -out sub2.cert.pem -days 365 -nodes -subj "/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=www.sub2.example.com"
openssl req -x509 -newkey rsa:4096 -keyout sub3.key.pem -out sub3.cert.pem -days 365 -nodes -subj "/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=www.sub3.example.com"
openssl req -x509 -newkey rsa:4096 -keyout sub4.key.pem -out sub4.cert.pem -days 365 -nodes -subj "/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=www.sub4.example.com"
openssl req -x509 -newkey rsa:4096 -keyout sub5.key.pem -out sub5.cert.pem -days 365 -nodes -subj "/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=www.sub5.example.com"
openssl req -x509 -newkey rsa:4096 -keyout sub6.key.pem -out sub6.cert.pem -days 365 -nodes -subj "/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=www.sub6.example.com"

echo "adding non-repeated certs set"
clrtrust add sub{1,2}.cert.pem
NON_REPEATED_RC=$?
echo "    'clrtrust add sub{1,2}.cert.pem' returned ${NON_REPEATED_RC}"


echo "adding mixed repeated(sub2.cert.pem) and-non-repeated certs set"
clrtrust add sub{2,3,4,5,6}.cert.pem
MIXED_RC=$?
echo "    'clrtrust add sub{2,3,4,5,6}.cert.pem' returned ${MIXED_RC}"

echo "adding all-repeated-certs set"
clrtrust add sub{1,2,3,4,5,6}.cert.pem
REPEATED_RC=$?
echo "    'clrtrust add sub{1,2,3,4,5,6}.cert.pem' returned ${REPEATED_RC}"

echo "Expecting MIXED RC != REPEATED RC..."
echo " MIXED RC    : ${MIXED_RC}"
echo " REPEATED RC : ${REPEATED_RC}"

The output of the script is as follows:

# ./test.sh
Generating a 4096 bit RSA private key
...............................................................................................................++
.....................................++
writing new private key to 'sub1.key.pem'
-----
Generating a 4096 bit RSA private key
.....................................................................................++
......................................++
writing new private key to 'sub2.key.pem'
-----
Generating a 4096 bit RSA private key
...........................++
................................................................................................................................................++                                                                                           
writing new private key to 'sub3.key.pem'
-----
Generating a 4096 bit RSA private key
.................................................++
...................................................++
writing new private key to 'sub4.key.pem'
-----
Generating a 4096 bit RSA private key
.................................................................................................................................................................................................................................................................................++
.....................++
writing new private key to 'sub5.key.pem'
-----
Generating a 4096 bit RSA private key
.......................................................................................................................++                                                                                                                    
..............................................................................++
writing new private key to 'sub6.key.pem'
-----
adding non-repeated certs set
Trust store generated at /var/cache/ca-certs
    'clrtrust add sub{1,2}.cert.pem' returned 0
adding mixed repeated(sub2.cert.pem) and-non-repeated certs set
Certificate sub2.cert.pem is already trusted. Not adding duplicates.
Trust store generated at /var/cache/ca-certs
    'clrtrust add sub{2,3,4,5,6}.cert.pem' returned 255
adding all-repeated-certs set
Certificate sub1.cert.pem is already trusted. Not adding duplicates.
Certificate sub2.cert.pem is already trusted. Not adding duplicates.
Certificate sub3.cert.pem is already trusted. Not adding duplicates.
Certificate sub4.cert.pem is already trusted. Not adding duplicates.
Certificate sub5.cert.pem is already trusted. Not adding duplicates.
Certificate sub6.cert.pem is already trusted. Not adding duplicates.
Trust store generated at /var/cache/ca-certs
    'clrtrust add sub{1,2,3,4,5,6}.cert.pem' returned 255
Expecting MIXED RC != REPEATED RC...
 MIXED RC    : 255
 REPEATED RC : 255
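
Until the exit status distinguishes these cases, trust-store automation can classify a run from the messages shown in the output above. This is an added example, not part of the issue or of clrtrust; `classify_add` and `clrtrust_add_checked` are hypothetical names, and the sketch assumes the message wording stays exactly as printed in this report.

```bash
#!/usr/bin/env bash
# Added example, not clrtrust code: classify a 'clrtrust add' run from its
# output text, because exit status 255 covers both "some added" and "none added".

# classify_add RC REQUESTED OUTPUT
# Prints one of: added_all | added_some | added_none | error
classify_add() {
    local rc=$1 requested=$2 output=$3 dups
    # Assumption: a completed run prints this line (it appears in all three runs above).
    if ! printf '%s\n' "$output" | grep -q '^Trust store generated at '; then
        echo error
        return 0
    fi
    # One line is printed per skipped duplicate; grep -c exits 1 on zero matches.
    dups=$(printf '%s\n' "$output" |
        grep -c 'is already trusted\. Not adding duplicates\.$' || true)
    if [ "$dups" -eq 0 ]; then
        # No duplicates reported: only a zero status means every cert was added.
        if [ "$rc" -eq 0 ]; then echo added_all; else echo error; fi
    elif [ "$dups" -ge "$requested" ]; then
        echo added_none
    else
        echo added_some
    fi
}

# Hypothetical wrapper: run clrtrust, keep its output visible on stderr,
# and print the classification on stdout for the calling script.
clrtrust_add_checked() {
    local out rc=0
    out=$(clrtrust add "$@" 2>&1) || rc=$?
    printf '%s\n' "$out" >&2
    classify_add "$rc" "$#" "$out"
}

# Sample outputs copied from the mixed and all-repeated runs in the issue.
MIXED_OUT='Certificate sub2.cert.pem is already trusted. Not adding duplicates.
Trust store generated at /var/cache/ca-certs'
REPEATED_OUT='Certificate sub1.cert.pem is already trusted. Not adding duplicates.
Certificate sub2.cert.pem is already trusted. Not adding duplicates.
Certificate sub3.cert.pem is already trusted. Not adding duplicates.
Certificate sub4.cert.pem is already trusted. Not adding duplicates.
Certificate sub5.cert.pem is already trusted. Not adding duplicates.
Certificate sub6.cert.pem is already trusted. Not adding duplicates.
Trust store generated at /var/cache/ca-certs'
```

Only the duplicate message appears in this report, so a run that mixes duplicates with some other per-certificate failure would still be classified as `added_some`; verify the resulting trust store contents before relying on that result.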
