Ives Steglich wrote:

ok, i see, so i have to change some code at the approveCSR and CRR since i just check the cert-state but not the validity dates for valid certs... this should be fixed before the release... since the code looks like this:

# check validity of signer certificate
if ($tmpCert->getStatus() =~ /revoked/
    || $tmpCert->getStatus() =~ /suspended/
    || $tmpCert->getStatus() =~ /expired/ ) {

or does this trigger the date checks and change the state automatically?
means, does getStatus() transparently check validity states, including time checks and changing of state, or do i have to do this manually?

getStatus uses the status set by the database module via setStatus. If you get an expired cert from OpenCA::DBI then the status is of course EXPIRED and not VALID. Therefore I wrote that this is transparent for the user. The user of the DBI database module never sees that there is only one internal state (VALID).


ok, i will check the getStatus routine, but i think it would be a good idea to put it right there - so getStatus would always give back the 'true' state of a certificate and we won't have a security problem anywhere like a certificate is marked valid but expired and do extra manual checks...

getStatus always returns EXPIRED if the cert is expired (at minimum for DBI - I didn't code DB).


ok; looks like i should add some date checks to my code...
since getStatus just does:

sub getStatus
{
    my $self = shift;
    return $self->{STATUS};
}

This is correct because setStatus already set the status to EXPIRED.

Michael
--
-------------------------------------------------------------------
Michael Bell                   Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice            Tel.: +49 (0)30-2093 2482
(Computing Centre)                        Fax:  +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin                   Email (private): [EMAIL PROTECTED]
Germany                                       http://www.openca.org



_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
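
The question in this thread, whether a stored VALID status can be trusted without looking at the validity dates, is illustrated by the following added example. It is not OpenCA code: the hash fields STATUS, NOT_BEFORE and NOT_AFTER and both subroutines are hypothetical, and the records are constructed sample data. It derives the effective state from the stored status plus the dates and accepts a signer only when that state is VALID.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample records (plain hashes, not OpenCA objects).
# STATUS is the stored state; NOT_BEFORE / NOT_AFTER are epoch seconds.
my $now = time;
my $day = 86400;
my @certs = (
    { NAME => 'signer-a', STATUS => 'VALID',     NOT_BEFORE => $now - $day,     NOT_AFTER => $now + $day },
    { NAME => 'signer-b', STATUS => 'VALID',     NOT_BEFORE => $now - 2 * $day, NOT_AFTER => $now - 3600 },
    { NAME => 'signer-c', STATUS => 'SUSPENDED', NOT_BEFORE => $now - $day,     NOT_AFTER => $now + $day },
    { NAME => 'signer-d', STATUS => 'VALID',     NOT_BEFORE => $now + 3600,     NOT_AFTER => $now + $day },
    { NAME => 'signer-e', STATUS => 'VALID' },   # dates missing
);

# Hypothetical helper: the state a check should act on. A stored non-valid
# state is returned as is; a stored VALID is re-checked against the dates.
sub effective_status {
    my ($cert, $at) = @_;
    my $stored = uc($cert->{STATUS} // '');
    return 'UNKNOWN' unless $stored =~ /^(?:VALID|EXPIRED|REVOKED|SUSPENDED)$/;
    return $stored   unless $stored eq 'VALID';
    return 'UNKNOWN'
        unless defined $cert->{NOT_BEFORE} && defined $cert->{NOT_AFTER};
    return 'NOT_YET_VALID' if $at < $cert->{NOT_BEFORE};
    return 'EXPIRED'       if $at > $cert->{NOT_AFTER};
    return 'VALID';
}

# Hypothetical helper: allow-list check. Only VALID is accepted, so an
# unknown or unexpected state is rejected instead of slipping past a
# list of known-bad states.
sub signer_acceptable {
    my ($cert, $at) = @_;
    return effective_status($cert, $at) eq 'VALID' ? 1 : 0;
}

for my $cert (@certs) {
    printf "%-9s stored=%-9s effective=%-13s accepted=%s\n",
        $cert->{NAME}, $cert->{STATUS},
        effective_status($cert, $now),
        signer_acceptable($cert, $now) ? 'yes' : 'no';
}
```

With the sample data only signer-a is accepted; signer-b shows the case raised in the thread, a record stored as VALID whose end date has passed.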
