Hi Michael,

> If we issue a cert then we first create the cert and second create some
> signatures for the role and the CRIN. Perhaps we must run openca-sv
> within the wrapper like openssl. Please see the functions sign, verify,
> encrypt and decrypt in OpenSSL.pm (src/modules/openca-openssl/).

you were right. I added WRAPPER support for decrypt and sign (should not be necessary for encrypt and verify), and now the Role is correctly signed after cert creation.

Is there any chance I can get my database consistent again for the certs that were issued before this change?

Find enclosed a patch for OpenSSL.pm that fixes the problem.

BTW: I think that some initialization in OpenCA::OpenSSL::new() and setParams() is redundant. Most attributes get overwritten by setParam, so they should not be set in new(), I think.

Martin
openssl.pm.patch