Hi Claus, the AC code is a bit of a mess right now. I think it suffered from the over-engineer complex... I think that the idea about the CERTIFICATE_SERIAL being < 1 would identify the CA certificate which are treated differently from the other certificates (because their serial numbers can be non-unique due to renewal, etc..).
I am actually planning on completely rewriting the AC module and use a simpler User oriented one that would allow CA managers to enable/disable users to act as RA/CA/etc... I will look into the problem and send a solution as soon as I have some time to work on it... but if you find a working solution, please share it with us... :D Cheers, Max On 03/29/2010 08:49 AM, [email protected] wrote:
Hi all,
i have a problem with ca_certificates whoes fingerprint starts with a
digit and i think its a bug.
I can't view the Cert, the listCert is ok.
After some debugging i located the problem in AC.pm.
In the 'sub getOwner'
.
.
## check for certificates
if ( not $self->{acl}->{owner_method}) {
$self->{acl}->{object} = "";
$self->{acl}->{owner} = "";
} elsif ( $self->{acl}->{owner_method} =~ /^CERTIFICATE_SERIAL$/i ) {
## load serial
if ( $self->{cgi}->param ($self->{acl}->{owner_argument})< 1 ) {
## CA_CERTIFICATE detected
-----
the last 'if' is false if the fingerprint (=ca_cert_key) starts with a digit.
Im am very confused about this check. What means here less the '1'?
In my understanding the first Parameter contains the fingerprint and
so a textstring - i'm wrong?
I admit that i'm not a expert in perl, but could you explain me the
purpose of these code lines?
Should it be a check against the serial of the Certificate?
I hope you can clarify my confusion
Thanks, Claus
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
_______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
