[OpenCA-Devel] CRL issues

Wed, 14 Jul 2004 12:21:49 -0700 

i just tried to trace down this crl.txt issue
therefore - this is not the only problem hidden here:

used current cvs - enabled debuging for openssl too
(i would prefer to rewrite unlink-file-code, so if there is debug enabled
 temporary files shouldn't get unlinked - this should ease tracing of errors
 and reduce need to manualy disable unlink calls in the code...)

another question would be - why the ca interface tells it has created an txt file
if there is an error situation - but this don't get through to the user-interface
and even return undef gives a correct filewrite - so maybe the code should be changed
there too... since the file gets written with 0 bytes and therefore no 'error' occurs
for the file-create code - but actually there is one

anyhow:
i created several crls and all have the serial of 1 (0x0)
i think this is a problem too... i issued them shortly one after
another but anyway they should have different serials - shouldn't they?


the openssl problem for the txt-crl is following:

if i call:
   openssl crl ... it works
if i call:
   openssl <enter> to enter the openssl shell and then
   call the crl conversion command

we get an error... see attached example:
(the crl lines are exactly the same)

so i'll ask this question at openssl list too, but maybe
someone knows...

[EMAIL PROTECTED] 006 $ openssl crl -out
/usr/pki/operating/006/ca/OpenCA/var/tmp/28466_cnv-2.tmp -in
/usr/pki/operating/006/ca/OpenCA/var/tmp/28466_data.tmp
-text -noout -inform PEM
[EMAIL PROTECTED] 006 $
[EMAIL PROTECTED] 006 $ openssl
OpenSSL> crl -out
/usr/pki/operating/006/ca/OpenCA/var/tmp/28466_cnv-2.tmp -in
/usr/pki/operating/006/ca/OpenCA/var/tmp/28466_data.tmp
-text -noout -inform PEM
error in crl
OpenSSL> q
[EMAIL PROTECTED] 006 $


furthermore there is a really dirty hack for now - which reanables
the txt creation, since the conversation itself, even if the error gets shown
by openssl 'error in crl(command)'...

in OpenCA::OpenSSL change line 951 to:
   if( (not $ret) && ($self->errval ne "error in crl\n")) {

this will work around...

there are some more problematic calls:
see the errors and somehow ignored and go on - but they are there
and should be removed in the long term... i think

greetings
dalini

--------------------

OpenCA::OpenSSL->_execute_command: ca -gencrl -out /usr/pki/operating/006/ca/OpenCA/var/tmp/29854_crl.tmp -config /usr/pki/operating/006/ca/OpenCA/etc/openssl/openssl.cnf -keyfile /usr/pki/operating/006/ca/OpenCA/var/crypto/keys/cakey.pem -passin env:pwd -cert /usr/pki/operating/006/ca/OpenCA/var/crypto/cacerts/cacert.pem -crldays 30

OpenCA::OpenSSL->_execute_command: executed
OpenCA::OpenSSL->_execute_command: command executed - stopping shell
OpenCA::OpenSSL->_stop_shell: try to stop shell
OpenCA::OpenSSL->_execute_command: check for error
OpenCA::OpenSSL->_execute_command: detected error log
OpenCA::OpenSSL->_execute_command: stderr: Using configuration from 
/usr/pki/operating/006/ca/OpenCA/etc/openssl/openssl.cnf

OpenCA::OpenSSL->_execute_command: leaving successful (return: 1)
OpenCA::OpenSSL->dataConvert: passwd is set
OpenCA::OpenSSL->dataConvert: command=crl -out /usr/pki/operating/006/ca/OpenCA/var/tmp/29854_cnv.tmp -in /usr/pki/operating/006/ca/OpenCA/var/tmp/29854_crl.tmp -outform PEM -inform PEM
OpenCA::OpenSSL->dataConvert: using infile
OpenCA::OpenSSL->_execute_command: entering function
OpenCA::OpenSSL->_start_shell: try to start shell
OpenCA::OpenSSL->_start_shell: | /usr/pki/tools/bin/openssl 1>/usr/pki/operating/006/ca/OpenCA/var/tmp/29854_stdout.log 2>/usr/pki/operating/006/ca/OpenCA/var/tmp/29854_stderr.log
OpenCA::OpenSSL->_start_shell: shell started
OpenCA::OpenSSL->_execute_command: crl -out /usr/pki/operating/006/ca/OpenCA/var/tmp/29854_cnv.tmp -in /usr/pki/operating/006/ca/OpenCA/var/tmp/29854_crl.tmp -outform PEM -inform PEM

OpenCA::OpenSSL->_execute_command: executed
OpenCA::OpenSSL->_execute_command: command executed - stopping shell
OpenCA::OpenSSL->_stop_shell: try to stop shell
OpenCA::OpenSSL->_execute_command: check for error
OpenCA::OpenSSL->_execute_command: detected error log
OpenCA::OpenSSL->_execute_command: stderr:
OpenCA::OpenSSL->_execute_command: leaving successful (return: 1)
OpenCA::OpenSSL->dataConvert: openssl itself successful
OpenCA::OpenSSL->dataConvert: passphrases deleted
OpenCA::OpenSSL->dataConvert: return result like follows
OpenCA::OpenSSL->dataConvert: -----BEGIN X509 CRL-----
MIIBwjCBqzANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJkZTEPMA0GA1UEChMG
b3BlbmNhMRAwDgYDVQQLEwd0ZXN0aW5nMRswGQYDVQQDExJvcGVuY2EgdGVzdGlu
ZyAwMDYxLTArBgkqhkiG9w0BCQEWHm9wZW5jYS10ZXN0aW5nQGxhYi54LWRlbnNl
Lm9yZxcNMDQwNzE0MTcyOTU4WhcNMDQwODEzMTcyOTU4WjANBgkqhkiG9w0BAQQF
AAOCAQEArIioYvlwleBIRRKs3U+CeDELe1k/C8SGABBZ2tcOxzEmupUw2xvIcSTC
dMe5K6wlI3QKWz8+hSwatHe52xpRPLJ8/x/perEtp4tymfqbYrnfuN/2wtEusFq0
+B740xnn3yniDS4cgp2mgBcWnGyoWuoItlyntjWsVKjeKnZHSzPdcTHwzfLzEg8b
mO8dOtiLM8DBp9fXhHeKpMkML5k39NQ1JG03V3sbrP3xZBEgP0EM/Z8/9XDbsBUp
KtLwygs0h+gsRmuBG6o4HKY4Qx0V6/86NB3NFc7Tk9ah8xitc4KRmLrwrtTWZMmR
JV40KcrjTYewS7lvAXovneHUQK0paw==
-----END X509 CRL-----

OpenCA::OpenSSL->dataConvert: create temporary infile 
/usr/pki/operating/006/ca/OpenCA/var/tmp/29854_data.tmp
OpenCA::OpenSSL->dataConvert: the data is like follows
OpenCA::OpenSSL->dataConvert: -----BEGIN X509 CRL-----
MIIBwjCBqzANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJkZTEPMA0GA1UEChMG
b3BlbmNhMRAwDgYDVQQLEwd0ZXN0aW5nMRswGQYDVQQDExJvcGVuY2EgdGVzdGlu
ZyAwMDYxLTArBgkqhkiG9w0BCQEWHm9wZW5jYS10ZXN0aW5nQGxhYi54LWRlbnNl
Lm9yZxcNMDQwNzE0MTcyOTU4WhcNMDQwODEzMTcyOTU4WjANBgkqhkiG9w0BAQQF
AAOCAQEArIioYvlwleBIRRKs3U+CeDELe1k/C8SGABBZ2tcOxzEmupUw2xvIcSTC
dMe5K6wlI3QKWz8+hSwatHe52xpRPLJ8/x/perEtp4tymfqbYrnfuN/2wtEusFq0
+B740xnn3yniDS4cgp2mgBcWnGyoWuoItlyntjWsVKjeKnZHSzPdcTHwzfLzEg8b
mO8dOtiLM8DBp9fXhHeKpMkML5k39NQ1JG03V3sbrP3xZBEgP0EM/Z8/9XDbsBUp
KtLwygs0h+gsRmuBG6o4HKY4Qx0V6/86NB3NFc7Tk9ah8xitc4KRmLrwrtTWZMmR
JV40KcrjTYewS7lvAXovneHUQK0paw==
-----END X509 CRL-----

OpenCA::OpenSSL->dataConvert: passwd is set
OpenCA::OpenSSL->dataConvert: command=crl -out /usr/pki/operating/006/ca/OpenCA/var/tmp/29854_cnv.tmp -in /usr/pki/operating/006/ca/OpenCA/var/tmp/29854_data.tmp -text -noout -inform PEM
OpenCA::OpenSSL->dataConvert: using infile
OpenCA::OpenSSL->_execute_command: entering function
OpenCA::OpenSSL->_start_shell: try to start shell
OpenCA::OpenSSL->_start_shell: | /usr/pki/tools/bin/openssl 1>/usr/pki/operating/006/ca/OpenCA/var/tmp/29854_stdout.log 2>/usr/pki/operating/006/ca/OpenCA/var/tmp/29854_stderr.log
OpenCA::OpenSSL->_start_shell: shell started
OpenCA::OpenSSL->_execute_command: crl -out /usr/pki/operating/006/ca/OpenCA/var/tmp/29854_cnv.tmp -in /usr/pki/operating/006/ca/OpenCA/var/tmp/29854_data.tmp -text -noout -inform PEM

OpenCA::OpenSSL->_execute_command: executed
OpenCA::OpenSSL->_execute_command: command executed - stopping shell
OpenCA::OpenSSL->_stop_shell: try to stop shell
OpenCA::OpenSSL->_execute_command: check for error
OpenCA::OpenSSL->_execute_command: detected error log
OpenCA::OpenSSL->_execute_command: stderr: error in crl

OpenCA::OpenSSL->setError: errno: 7777067
OpenCA::OpenSSL->setError: errval: error in crl

OpenCA::OpenSSL->dataConvert: openssl itself successful
OpenCA::OpenSSL->dataConvert: passphrases deleted
OpenCA::OpenSSL->setError: errno: 7722073
OpenCA::OpenSSL->setError: errval: OpenCA::OpenSSL->dataConvert: OpenSSL failed 
(7777067). error in crl

OpenCA::OpenSSL->dataConvert: resetting errno from 7722073 to 0.
OpenCA::OpenSSL->setError: errno: 0
OpenCA::OpenSSL->setError: errval:
OpenCA::OpenSSL->dataConvert: create temporary infile 
/usr/pki/operating/006/ca/OpenCA/var/tmp/29854_data.tmp
OpenCA::OpenSSL->dataConvert: the data is like follows
OpenCA::OpenSSL->dataConvert: -----BEGIN X509 CRL-----
MIIBwjCBqzANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJkZTEPMA0GA1UEChMG
b3BlbmNhMRAwDgYDVQQLEwd0ZXN0aW5nMRswGQYDVQQDExJvcGVuY2EgdGVzdGlu
ZyAwMDYxLTArBgkqhkiG9w0BCQEWHm9wZW5jYS10ZXN0aW5nQGxhYi54LWRlbnNl
Lm9yZxcNMDQwNzE0MTcyOTU4WhcNMDQwODEzMTcyOTU4WjANBgkqhkiG9w0BAQQF
AAOCAQEArIioYvlwleBIRRKs3U+CeDELe1k/C8SGABBZ2tcOxzEmupUw2xvIcSTC
dMe5K6wlI3QKWz8+hSwatHe52xpRPLJ8/x/perEtp4tymfqbYrnfuN/2wtEusFq0
+B740xnn3yniDS4cgp2mgBcWnGyoWuoItlyntjWsVKjeKnZHSzPdcTHwzfLzEg8b
mO8dOtiLM8DBp9fXhHeKpMkML5k39NQ1JG03V3sbrP3xZBEgP0EM/Z8/9XDbsBUp
KtLwygs0h+gsRmuBG6o4HKY4Qx0V6/86NB3NFc7Tk9ah8xitc4KRmLrwrtTWZMmR
JV40KcrjTYewS7lvAXovneHUQK0paw==
-----END X509 CRL-----

OpenCA::OpenSSL->dataConvert: passwd is set
OpenCA::OpenSSL->dataConvert: command=crl -out /usr/pki/operating/006/ca/OpenCA/var/tmp/29854_cnv.tmp -in /usr/pki/operating/006/ca/OpenCA/var/tmp/29854_data.tmp -outform DER -inform PEM
OpenCA::OpenSSL->dataConvert: using infile
OpenCA::OpenSSL->_execute_command: entering function
OpenCA::OpenSSL->_start_shell: try to start shell
OpenCA::OpenSSL->_start_shell: | /usr/pki/tools/bin/openssl 1>/usr/pki/operating/006/ca/OpenCA/var/tmp/29854_stdout.log 2>/usr/pki/operating/006/ca/OpenCA/var/tmp/29854_stderr.log
OpenCA::OpenSSL->_start_shell: shell started
OpenCA::OpenSSL->_execute_command: crl -out /usr/pki/operating/006/ca/OpenCA/var/tmp/29854_cnv.tmp -in /usr/pki/operating/006/ca/OpenCA/var/tmp/29854_data.tmp -outform DER -inform PEM

OpenCA::OpenSSL->_execute_command: executed
OpenCA::OpenSSL->_execute_command: command executed - stopping shell
OpenCA::OpenSSL->_stop_shell: try to stop shell
OpenCA::OpenSSL->_execute_command: check for error
OpenCA::OpenSSL->_execute_command: detected error log
OpenCA::OpenSSL->_execute_command: stderr:
OpenCA::OpenSSL->_execute_command: leaving successful (return: 1)
OpenCA::OpenSSL->dataConvert: openssl itself successful
OpenCA::OpenSSL->dataConvert: passphrases deleted
OpenCA::OpenSSL->dataConvert: return result like follows
OpenCA::OpenSSL->dataConvert: 0‚Â0?«0
 *†H†÷

openca10U testing10Uopenca testing 0061-0+ *†H†÷
 [EMAIL PROTECTED]
040714172958Z
040813172958Z0
 *†H†÷

[?>…,´w¹ÛQ<²|ÿéz±-§‹r™ú›b¹ß¸ßöÂÑ.°Z´øøÓçß)â
.‚?¦€œl¨Zê¶\§¶5¬T¨Þ*vGK3Ýq1ðÍòó˜ï:Ø‹3ÀÁ§×ׄwŠ¤É /™7ôÔ5$m7W{¬ýñd ?A ýŸ?õpÛ°)*ÒðÊ 4‡è,Fk?ª8¦8Cëÿ:4ÍÎÓ“Ö¡ó­s‚‘˜ºð®ÔÖdÉ‘%^4)ÊãM‡°K¹oz/[EMAIL PROTECTED])k
OpenCA::OpenSSL->dataConvert: create temporary infile /usr/pki/operating/006/ca/OpenCA/var/tmp/29854_data.tmp
OpenCA::OpenSSL->dataConvert: the data is like follows
OpenCA::OpenSSL->dataConvert: -----BEGIN X509 CRL-----
MIIBwjCBqzANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJkZTEPMA0GA1UEChMG
b3BlbmNhMRAwDgYDVQQLEwd0ZXN0aW5nMRswGQYDVQQDExJvcGVuY2EgdGVzdGlu
ZyAwMDYxLTArBgkqhkiG9w0BCQEWHm9wZW5jYS10ZXN0aW5nQGxhYi54LWRlbnNl
Lm9yZxcNMDQwNzE0MTcyOTU4WhcNMDQwODEzMTcyOTU4WjANBgkqhkiG9w0BAQQF
AAOCAQEArIioYvlwleBIRRKs3U+CeDELe1k/C8SGABBZ2tcOxzEmupUw2xvIcSTC
dMe5K6wlI3QKWz8+hSwatHe52xpRPLJ8/x/perEtp4tymfqbYrnfuN/2wtEusFq0
+B740xnn3yniDS4cgp2mgBcWnGyoWuoItlyntjWsVKjeKnZHSzPdcTHwzfLzEg8b
mO8dOtiLM8DBp9fXhHeKpMkML5k39NQ1JG03V3sbrP3xZBEgP0EM/Z8/9XDbsBUp
KtLwygs0h+gsRmuBG6o4HKY4Qx0V6/86NB3NFc7Tk9ah8xitc4KRmLrwrtTWZMmR
JV40KcrjTYewS7lvAXovneHUQK0paw==
-----END X509 CRL-----

OpenCA::OpenSSL->dataConvert: passwd is set
OpenCA::OpenSSL->dataConvert: command=crl -out /usr/pki/operating/006/ca/OpenCA/var/tmp/29854_cnv.tmp -in /usr/pki/operating/006/ca/OpenCA/var/tmp/29854_data.tmp -text -noout -inform PEM
OpenCA::OpenSSL->dataConvert: using infile
OpenCA::OpenSSL->_execute_command: entering function
OpenCA::OpenSSL->_start_shell: try to start shell
OpenCA::OpenSSL->_start_shell: | /usr/pki/tools/bin/openssl 1>/usr/pki/operating/006/ca/OpenCA/var/tmp/29854_stdout.log 2>/usr/pki/operating/006/ca/OpenCA/var/tmp/29854_stderr.log
OpenCA::OpenSSL->_start_shell: shell started
OpenCA::OpenSSL->_execute_command: crl -out /usr/pki/operating/006/ca/OpenCA/var/tmp/29854_cnv.tmp -in /usr/pki/operating/006/ca/OpenCA/var/tmp/29854_data.tmp -text -noout -inform PEM

OpenCA::OpenSSL->_execute_command: executed
OpenCA::OpenSSL->_execute_command: command executed - stopping shell
OpenCA::OpenSSL->_stop_shell: try to stop shell
OpenCA::OpenSSL->_execute_command: check for error
OpenCA::OpenSSL->_execute_command: detected error log
OpenCA::OpenSSL->_execute_command: stderr: error in crl

OpenCA::OpenSSL->setError: errno: 7777067
OpenCA::OpenSSL->setError: errval: error in crl

OpenCA::OpenSSL->dataConvert: openssl itself successful
OpenCA::OpenSSL->dataConvert: passphrases deleted
OpenCA::OpenSSL->setError: errno: 7722073
OpenCA::OpenSSL->setError: errval: OpenCA::OpenSSL->dataConvert: OpenSSL failed 
(7777067). error in crl

OpenCA::OpenSSL->_stop_shell: try to stop shell

--------------------
--
Ives Steglich                Email: [EMAIL PROTECTED]
System Administration        Tel.:  +49 (0)3677 - 69 4882
                             Fax:   +49 (0)3677 - 69 4399

Fraunhofer Institute for Digital Media Technology
Langewiesener Strasse 22
98693 Ilmenau                Email (private): [EMAIL PROTECTED]
Germany                      http://www.openca.org


-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idG21&alloc_id040&op=click
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel

Reply via email to