Hi, I'm working on the debian packaging of openca with Brian May.
Cool. I'm not a debian crack only an OpenCA one but I'm waiting for debian packages too :) I comment the problems and later the day or tomorrow I check the patch itself. I attached a reduced CHANGES files with changes since 20031124.
I found some problems and some bugs, I attach a patch:
src/common/etc/openca_start.template.in and src/common/lib/functions/initServer: some problems in the perl syntax with the perl version present in debian SID (perl v5.8.2):
- use strict qw(@ISA);; seems unaceptable
- some our global simbols declared in a subroutine scope.
Should be already fixed (since 2003-Dec-05).
src/web-interfaces/*/Makefile:
when creating symlinks, it could be wise to use relative paths, since it is more
common to
create danglink symlinks (moreover on deb package it creates some problems).
We tried this sometime ago too because we have problems with RPM builds but we failed because of some problems. Perhaps it is possible today. I will do a next try.
src/web-interfaces/ca/cmds/Makefile:
some commands seem missings: lists approveCSRnotSigned approveCSR.
They should be present even in the ca module, else the creation procedure of the first ca||ra admin certificates is broken.
Lists is only present on the public interface. Requests should not be approved on a CA. You can create certificates of requests with the status pending too. It is not necessary to approve a request.
I also found some problems in the initialization of the ca module: when I try to create the ca admin certificate the "issue certificate" command
does not work. I follow the procedure:
- Make request
- Edit request
- Approve without signing
Don't do this. I removed the button at 2003-Dec-19.
I will check the patch soon. Especially the symlinks are really interesting for me too because it is an old problem.
Michael -- ------------------------------------------------------------------- Michael Bell Email: [EMAIL PROTECTED] ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482 (Computing Centre) Fax: +49 (0)30-2093 2704 Humboldt-University of Berlin Unter den Linden 6 10099 Berlin Email (private): [EMAIL PROTECTED] Germany http://www.openca.org
2004-Jan-xx:
* added Makefile.devel with all static development stuff
2003-Dec-19:
* 0.9.1.6
* fixed LDAP code to support certificates without an emailaddress
(openca_0_9_1 too)
* small fix in basic_csr to detect empty passphrases correctly
* fixed OpenCA::DB because of sequence problems after wrong state
detection
* added first support for SecCLAB plugin
* removed approve CSR buttons from CA interface
* fixed renewal button in viewCSR
* fixed wrong socket file position of XML cache
2003-Dec-18:
* XML logging mechanism fixed for searching
* access control adds the session ID to the log message during login too
* looks like the keys of DBM files are too short for our log IDs
2003-Dec-16:
* documentation update
* --with-hierarchy-level was removed from configure and the different
options were added to config.xml. ./configure without options should
work now. New packages from distros should now be fully usable.
* fixed src/web-interfaces/scep/functions/Makefile to support all
libraries (necessary for initServer)
* upgraded Net::Server to 0.86 to fix some daemon problems with setuid
and FreeBSD
* documentation available as chunked HTML version
2003-Dec-10:
* 0.9.1.5
* moved PEMCACert to CACertificate (openca_0_9_1 too)
* CACertificate always cacert.pem (openca_0_9_1 too)
* removed illegal configure file from it_IT (openca_0_9_1 only)
2003-Dec-05:
* 0.9.2 RC1
* fixed some unclean Perl stuff which will be rejected by Perl 5.8.1
(openca_start and initServer)
2003-Nov-27:
* 0.9.1.4
* changes for support of multivalued RDNs in OpenCA::X509, changeCSR
* additional patches for the signature verification - crypto-utils.lib,
verifySignature and viewSignature are affected (openca_0_9_1 too)
* fixed wrong javascript form reference in test_cert and confirm_revreq
* fixed signature verification of role in sub CAs in bpIssueCertificate
and OpenCA::PKCS7 (openca_0_9_1 too)
2003-Nov-25:
* fixed three bugs in crypto-utils.lib and OpenCA::PKCS7 which corrupt
the signature verification - the serial of a CA certificate was
sometimes used to load and check the certificate which was used to
sign the data (security advisory issued) (openca_0_9_1 too)
* added support for multivalued RDNs
