Hi,

during the past days I have been busy trying to get a command line interface SCEP client to work with OpenCA. I tried the current versions of sscep (C) and scepclient (Java). (I did not try autoscep yet, partly because I think it will suffer from the same problems as sscep.)

My question is: has anybody successfully used one of the above SCEP clients with OpenCA? If yes, I'd like to hear about experience on this.

----

My setup: OpenCA 0.9.2.1.

SCEP certificate key usage:

    X509v3 Key Usage: critical
        Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment

----

My observations so far:

sscep dies in OpenSSL function PKCS7_encrypt() with a SIGSEGV without sending a single byte to the SCEP server:

    ../sscep enroll -u http://xxxxxxx/cgi-bin/scep/scep -k local.key -r local.csr -c cacert-0 -l mycert.pem -v
    ../sscep: starting sscep, version 20030417
    ../sscep: hostname: xxxxxxxxxx
    ../sscep: directory: cgi-bin/scep/scep
    ../sscep: port: 80
    ../sscep: new transaction
    ../sscep: transaction id: 9BDABF5D6EA7B960083001D7C0110791
    ../sscep: generating selfsigned certificate
    ../sscep: SCEP_OPERATION_ENROLL
    ../sscep: sending certificate request
    ../sscep: creating inner PKCS#7
    ../sscep: data payload size: 418 bytes
    Segmentation fault

After some debugging with gdb in the sscep code I stopped digging further. Data passed to the encrypt function seems to be OK. No idea why it dies, then.

Moving to the Java scepclient:

I have had more luck with the scepclient Java implementation (0.1). Unfortunately the scepclient implementation does not handle chunked encoding (HTTP/1.1) and dies with an Array-out-of-bounds exception. Reason is that connection.getContentType() returns -1 for chunked encoding and the Java code then tries to allocate a byte array of length -1...

After a rudimentary fix in the Java code, a SCEP CSR request is finally successfully inserted into the OpenCA database. Unfortunately the scepclient dies when reading the response of the SCEP server.

Any help (tip, howto, faq, doc, experience) is appreciated.

cheers

Martin

_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
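
The chunked-response failure described in the post, as an added example that is not scepclient's code or the poster's fix: a reader that never sizes its buffer from the declared length and caps the total it will accept. The class name, the `/scep` path on the local test server, the 1 MiB cap and the payload are assumptions made for the demonstration; `HttpURLConnection.getContentLength()` is the standard call that reports -1 when the length is unknown.

```java
import com.sun.net.httpserver.HttpServer;
import java.io.*;
import java.net.*;

public class ChunkedBodyReader {
    // Assumed upper bound for a SCEP reply; rejects oversized bodies from a faulty or hostile server.
    static final int MAX_BODY = 1 << 20;

    // Reads the whole body without trusting the declared length.
    static byte[] readBody(HttpURLConnection conn) throws IOException {
        int declared = conn.getContentLength();   // -1 when unknown, e.g. chunked transfer encoding
        if (declared > MAX_BODY) {
            throw new IOException("declared length " + declared + " exceeds cap");
        }
        // Never size the array from 'declared': new byte[-1] throws NegativeArraySizeException.
        ByteArrayOutputStream out = new ByteArrayOutputStream(declared > 0 ? declared : 4096);
        byte[] buf = new byte[4096];
        try (InputStream in = conn.getInputStream()) {
            int n;
            while ((n = in.read(buf)) != -1) {
                if (out.size() + n > MAX_BODY) {
                    throw new IOException("response body exceeds cap");
                }
                out.write(buf, 0, n);
            }
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] payload = new byte[10000];          // constructed stand-in for a PKCS#7 reply
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/scep", ex -> {
            ex.sendResponseHeaders(200, 0);        // length 0 makes the JDK test server use chunked encoding
            try (OutputStream os = ex.getResponseBody()) { os.write(payload); }
        });
        server.start();
        try {
            URL url = new URL("http://127.0.0.1:" + server.getAddress().getPort() + "/scep");
            HttpURLConnection conn = (HttpURLConnection) url.openConnection();
            byte[] body = readBody(conn);
            System.out.println("declared=" + conn.getContentLength() + " read=" + body.length);
        } finally {
            server.stop(0);
        }
    }
}
```

The size cap matters as much as the -1 handling: a client that streams until EOF with no limit lets the server decide how much memory the client allocates.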