Your message dated Sun, 6 Aug 2006 15:09:35 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Closing #282868
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: tinyca
Version: 1:0.6.6-2.mag.1
Severity: important
Tags: patch
Conversion of openssl CA certificate database index files is not a good thing.
I have
a CA that I manually imported into tinyca by hand, created on openssl 0.9.6
(woody)
and openssl 0.9.7 (sarge). The app detects it as created by < 0.9.7, and wants
to convert the Email part of the DN field.
The converted names in the new index
file do not match the old certificates, and openssl fails to do CA operations
with an unknown error...
This patch comments out the code that does the converion. Openssl has created
revocation entries for the certs created under openssl 0.9.6 (woody version)
contrary to the warning in the conversion dialog box.
If you want to leave this in there, please create a preferences option or button
on the conversion dialog to never ask again.
diff -uNr orig/tinyca-0.6.6/lib/OpenSSL.pm tinyca-0.6.6/lib/OpenSSL.pm
--- orig/tinyca-0.6.6/lib/OpenSSL.pm 2004-08-14 09:10:00.000000000 +1200
+++ tinyca-0.6.6/lib/OpenSSL.pm 2004-11-25 11:59:55.592507880 +1300
@@ -81,21 +81,27 @@
return($ret, $ext) if($ret);
$cmd = "$self->{'bin'} gendsa";
- $cmd .= " -des3";
- $cmd .= " -passout env:SSLPASS";
+ if($opts->{'pass'}) {
+ $cmd .= " -des3";
+ $cmd .= " -passout env:SSLPASS";
+ }
$cmd .= " -out \"$opts->{'outfile'}\"";
$cmd .= " $param";
} else {
$cmd = "$self->{'bin'} genrsa";
- $cmd .= " -des3";
- $cmd .= " -passout env:SSLPASS";
+ if($opts->{'pass'}) {
+ $cmd .= " -des3";
+ $cmd .= " -passout env:SSLPASS";
+ }
$cmd .= " -out \"$opts->{'outfile'}\"";
$cmd .= " $opts->{'bits'}";
}
- $ENV{'SSLPASS'} = $opts->{'pass'};
+ if($opts->{'pass'}) {
+ $ENV{'SSLPASS'} = $opts->{'pass'}
+ }
my($rdfh, $wtfh);
$ext = "$cmd\n\n";
$pid = open3($wtfh, $rdfh, $rdfh, $cmd);
diff -uNr orig/tinyca-0.6.6/lib/REQ.pm tinyca-0.6.6/lib/REQ.pm
--- orig/tinyca-0.6.6/lib/REQ.pm 2004-08-14 09:10:00.000000000 +1200
+++ tinyca-0.6.6/lib/REQ.pm 2004-11-25 11:44:27.574588048 +1300
@@ -92,14 +92,30 @@
return;
}
+ # Normalise passwd and passwd2
+ if(not defined($opts->{'passwd'})) {
+ $opts->{'passwd'} = "";
+ }
+ if(not defined($opts->{'passwd2'})) {
+ $opts->{'passwd2'} = "";
+ }
+
+# if((not defined($opts->{'CN'})) ||
+# ($opts->{'CN'} eq "") ||
+# (not defined($opts->{'passwd'})) ||
+# ($opts->{'passwd'} eq "")) {
+# $main->show_req_dialog($opts);
+# GUI::HELPERS::print_warning(
+# gettext("Please specify at least Common Name ")
+# .gettext("and Password"));
+# return;
+# }
+
if((not defined($opts->{'CN'})) ||
- ($opts->{'CN'} eq "") ||
- (not defined($opts->{'passwd'})) ||
- ($opts->{'passwd'} eq "")) {
+ ($opts->{'CN'} eq "")) {
$main->show_req_dialog($opts);
GUI::HELPERS::print_warning(
- gettext("Please specify at least Common Name ")
- .gettext("and Password"));
+ gettext("Please specify at least Common Name "));
return;
}
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: powerpc (ppc)
Kernel: Linux 2.6.9-laptop-pmac-2.6
Locale: LANG=en_NZ, LC_CTYPE=en_NZ
Versions of packages tinyca depends on:
ii libgnome-perl 0.7009-1.1 Perl module for the gnome and zvt
ii libgtk-perl 0.7009-1.1 Perl module for the gtk+ library
ii liblocale-gettext-perl 1.01-17 Using libc functions for internati
ii openssl 0.9.7d-5 Secure Socket Layer (SSL) binary a
ii perl [libmime-base64-perl] 5.8.4-3 Larry Wall's Practical Extraction
-- no debconf information
--- End Message ---
--- Begin Message ---
As announced three weeks ago, I'm closing this bug. It does not seem to
be an issue any longer.
Regards
uLI
--- End Message ---
