Hi,

in my test environment I have some certificates that were "approved
without signing" by the RA admin and issued by the CA. Of course
these certs do not contain a signature on the cert's role in
the database.

However, if I try to access the cert from the certificate overview
list, I get the following error:

OpenCA: General error trapped 6295030: Invalid signature of the role of
the user 23. (Hackers on the Road?) The errorcode from the cryptoshell is
7742075. OpenCA::OpenSSL->verify: openca-sv failed. [Error]:
error:0906D06C:PEM routines:PEM_read_bio:no start line<br>
Compilation failed in require at /usr/local/openca-0.9.2/etc/openca_start
line 62.

This prevents such certificates from being displayed or even revoked.
I found a dirty workaround to get rid of these certs by temporarily
replacing the openca-sv binary with a dummy binary that always
returns true :-)

But I think the system should be able to handle this condition,
the cert should be displayable even if no sig is attached. And the
cert should also be revokable by RA and CA operator, shouldn't it?

Martin



-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel

Reply via email to