Re: [OpenCA-Devel] Transition to expired

[Ives Steglich]

[EMAIL PROTECTED] wrote:
Hi Dalini,

therefore - how does an certaficate transits from valid to
expired at the serverside? in the databases and so on?
i mean we have no cronjob or something which checkes from time to time
and changes the state of an exired certificate to expired

I don't know how Max implements this for DBM files but the DBI module only
knows the certificate status VALID. The DBI module checks every
certificate on the fly before it sets the state to VALID or EXPIRED. This
is fully transparent for the user. If a user asks for one or more expired
certificates then the database searchs internally for VALID certificates
with a notafter smaller then now. So the DBI module does not need a
cronjob and is always up-to-date.
ok, i see, so i have to change some code at the approveCSR and CRR since 
i just check the cert-state but not the validity dates for valid 
certs... this should be fixed before the release... since the code looks 
like this:

# check validity of signer certificate
if ($tmpCert->getStatus() =~ /revoked/
        || $tmpCert->getStatus() =~ /suspended/
        || $tmpCert->getStatus() =~ /expired/ ) {
or does this trigger the datechecks and changes the state autmatically?
means, does getStatus() does transparently checking validity-states 
including timechecks and changing of state or do i have to do this manualy?

ok, i will check the getStatus routine, but i think it would be a good 
idea to put it right there - so getStatus would always give back the 
'true' state of an certificate and we won't have an security problem 
anywhere like an certificate is marked valid but expired and do extra 
manual checks...

ok; looks like i should add some date checks to my code...
since getStatus just does:
sub getStatus
{
    my $self = shift;
    return $self->{STATUS};
}
greetings
dalini
--
Ives Steglich                Email: [EMAIL PROTECTED]
System Administration        Tel.:  +49 (0)3677 - 69 4382/4383
                             Fax:   +49 (0)3677 - 69 4399
Fraunhofer Institute for Digital Media Technology
Langewiesener Strasse 22
98693 Ilmenau                Email (private): [EMAIL PROTECTED]
Germany                      http://www.openca.org
-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel