Source: openssl Source-Version: 0.9.8e-5 Severity: important
Hi, when building a new CA with /usr/lib/ssl/misc/CA.sh the extension "X509v3 Basic Constraints" is set to CA:FALSE instead that should be CA:TRUE. It is already addressed since 0.9.8b-1 according to http://packages.debian.org/changelogs/pool/main/o/openssl/openssl_0.9.8e-5/changelog) but only on CA.pl... Please consider applying : --- /usr/lib/ssl/misc/CA.sh.old 2007-03-10 18:09:23.000000000 +0000 +++ /usr/lib/ssl/misc/CA.sh.new 2007-06-08 11:56:08.000000000 +0000 @@ -91,6 +91,7 @@ -out ${CATOP}/$CAREQ $CA -out ${CATOP}/$CACERT $CADAYS -batch \ -keyfile ${CATOP}/private/$CAKEY -selfsign \ + -extensions v3_ca \ -infiles ${CATOP}/$CAREQ RET=$? fi Cheers -- Mathieu -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]