[openssl.org #458] 'openssl x509' not quite working...
I just test, with OpenSSL 0.9.7a-dev (fresh checkout), the command to generate a self-signed cerificate according to the example in x509.pod: openssl x509 -in cert.pem -addtrust sslclient \ -alias Steve's Class 1 CA -out trust.pem I expected it to fail because it wouldn't find those files. However, the error was more of an unexpected one: Invalid trust object value sslclient And I can't quite blame it, I can't really see where that object would find itself into the object database. What am I missing? I'm filing this as a bug, as I suspect that's exactly what it is. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #458] 'openssl x509' not quite working...
Richard Levitte - VMS Whacker via RT wrote: I just test, with OpenSSL 0.9.7a-dev (fresh checkout), the command to generate a self-signed cerificate according to the example in x509.pod: openssl x509 -in cert.pem -addtrust sslclient \ -alias Steve's Class 1 CA -out trust.pem I expected it to fail because it wouldn't find those files. However, the error was more of an unexpected one: Invalid trust object value sslclient And I can't quite blame it, I can't really see where that object would find itself into the object database. What am I missing? I think it's a typo. From 'man x509' : /snip -addtrust arg adds a trusted certificate use. Any object name can be used here but currently only clientAuth (SSL client use), serverAuth (SSL server use) and emailProtection (S/MIME email) are used. Other OpenSSL applications may define additional uses. /snap = I guess the example should be: openssl x509 -in cert.pem -addtrust clientAuth \ -alias Steve's Class 1 CA -out trust.pem Regards, Nils __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #458] 'openssl x509' not quite working...
The example was incorrect. I've committed a change. This ticket is now resolved. Thanks to Nils Larsch for helping me figure this one out. [[EMAIL PROTECTED] - Tue Jan 14 12:56:55 2003]: I just test, with OpenSSL 0.9.7a-dev (fresh checkout), the command to generate a self-signed cerificate according to the example in x509.pod: openssl x509 -in cert.pem -addtrust sslclient \ -alias Steve's Class 1 CA -out trust.pem I expected it to fail because it wouldn't find those files. However, the error was more of an unexpected one: Invalid trust object value sslclient And I can't quite blame it, I can't really see where that object would find itself into the object database. What am I missing? I'm filing this as a bug, as I suspect that's exactly what it is. -- Richard Levitte __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]