Ticket resolved. I ended up changing ca.c (and ocsp.c in 0.9.7 and
up). The change will be visible in the next snapshot.
Thanks for the report and your patience.
[levitte - Tue Oct 8 12:29:23 2002]:
[steve - Fri Aug 30 19:52:43 2002]:
[[EMAIL PROTECTED] - Mon Aug 26 10:33:29 2002]:
[steve - Fri Aug 30 19:52:43 2002]:
[[EMAIL PROTECTED] - Mon Aug 26 10:33:29 2002]:
I found the solution: I just commented out the lines 675-676 in
apps/ca.c -
now everything works as expected.
Since this just disables the check it isn't a good idea.
The error message
Richard Levitte via RT wrote:
What happens is that if serial contains '00' when you sign, the
DB_serial field in index.txt will end up containing '0', not '00'.
The next time you try to sign a certificate, 'openssl ca' will
notice that the DB_serial field has an incorrect length (the
Richard Levitte via RT wrote:
What happens is that if serial contains '00' when you sign, the
DB_serial field in index.txt will end up containing '0', not '00'.
The next time you try to sign a certificate, 'openssl ca' will
notice that the DB_serial field has an incorrect length (the
In message [EMAIL PROTECTED] on Mon, 2 Sep 2002 15:01:28 +0200, Dr.
Stephen Henson [EMAIL PROTECTED] said:
steve That is the problem. You should not create 00 in the serial
steve file because the serial number 00 is used by default for the
steve root CA. You should instead use 01. This is
Stephen Henson via RT wrote:
[[EMAIL PROTECTED] - Mon Aug 26 10:33:29 2002]:
I found the solution: I just commented out the lines 675-676 in
apps/ca.c -
now everything works as expected.
Since this just disables the check it isn't a good idea.
It is not disabled - some other
On Mon, Sep 02, 2002, Olaf Zaplinski via RT wrote:
Stephen Henson via RT wrote:
[[EMAIL PROTECTED] - Mon Aug 26 10:33:29 2002]:
I found the solution: I just commented out the lines 675-676 in
apps/ca.c -
now everything works as expected.
Since this just disables
On Mon, Sep 02, 2002, Olaf Zaplinski via RT wrote:
This is what I did after 'make install':
cd /usr/local/ssl
mkdir rootCA
[edited openssl.cnf and adjusted the paths accordingly]
cd rootCA
touch index.txt
[edited serial and inserted one line containing '00']
So index.txt was a
[[EMAIL PROTECTED] - Mon Aug 26 10:33:29 2002]:
I found the solution: I just commented out the lines 675-676 in
apps/ca.c -
now everything works as expected.
Since this just disables the check it isn't a good idea.
The error message suggested that index.txt has somehow had an invalid
hello Olaf
ich have the same problem with the
openssl bad serial number length
its also with the 2. request with my self -signed ca
but now i have suse 6.4 with 2.2.14
and there ich can't find the file ca.c
is there another way to solve the problem, probably installing another
version of
[EMAIL PROTECTED] via RT wrote:
hello Olaf
ich have the same problem with the
openssl bad serial number length
its also with the 2. request with my self -signed ca
but now i have suse 6.4 with 2.2.14
and there ich can't find the file ca.c
is there another way to solve the problem,
OpenSSL self-test report:
OpenSSL version: 0.9.6g
Last change: [In 0.9.6g-engine release:]...
Options: no-idea --prefix=/usr/local --openssldir=/usr/local/ssl
no-threads shared
OS (uname): Linux binky 2.4.19 #1 Fri Aug 9 10:17:44 CEST 2002 i586
unknown
OS (config):
On Mon, Aug 26, 2002, Olaf Zaplinski via RT wrote:
OpenSSL self-test report:
OpenSSL version: 0.9.6g
Last change: [In 0.9.6g-engine release:]...
Options: no-idea --prefix=/usr/local --openssldir=/usr/local/ssl
no-threads shared
OS (uname): Linux binky 2.4.19 #1
13 matches
Mail list logo