In issueCertificate there is a step where the PIN is signed:
## sign the PIN
if ( not $cryptoShell->sign(
DATA => $hashed_pin,
OUT_FILE => $tmpdir."/".$ser.".sig",
KEY_FILE => $cakey,
CERT_FILE => $cacert,
PASSWD => "$passwd" ) ) {
restore_openssl_state ();
configError ( "Error while signing PIN of ".
$req->getParsed()->{CN} . "<BR><BR>".
"(file name: $tmpdir/${ser}.sig )");
}
However, from looking at the code this has no effect, as the return value of
sign() is ignored, and sign() doesn't have any side-effects that I can find.
Moreover, when this code is commented out, I can still do a full cycle of
requesting a certificate, approve it, export to CA, sign it, and finally
import into RA. Can this bit of code be removed?
Thanks,
Marcel
PS: I only found this, because it suddenly failed to do the signature on my
8th certificate, even though it worked fine on the first 7, and I can't
think what I did differently.
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
