Hi,
in our test system I used the "Rebuild OpenSSL database and next serial number" function to recreate the index.txt file.
After this was successfully performed, I noticed that the revocation date in index.txt was destroyed, leading to errorneous CRLs:
Revoked Certificates: Serial Number: 03 Revocation Date: Dec 31 23:59:59 1999 GMT Serial Number: 04 Revocation Date: Dec 31 23:59:59 1999 GMT Serial Number: 05 Revocation Date: Dec 31 23:59:59 1999 GMT [...]
Bug or misconfiguration?
Bug. This is the erroneous code in crypto-utils.lib.
-------------------------------------------
$hash {DATE_2} = "991231235959Z";
my $h = 99991231235959;
foreach my $value (@result) {
if ($h > $cryptoShell->getNumericDate ($value->getParsed ()->{SUBMIT_DATE})) {
$h = $cryptoShell->getNumericDate ($value->getParsed ()->{SUBMIT_DATE});
$hash {DATE_2} = $cryptoShell->getOpenSSLDate ($value->getParsed ()->{SUBMIT_DATE});
}
}
--------------------------------------------
Can you take a look into the data and header fields of the revoked certificate in the database? Perhaps we use the wrong field or wrong object.
Michael -- _______________________________________________________________
Michael Bell Humboldt-Universitaet zu Berlin
Tel.: +49 (0)30-2093 2482 ZE Computer- und Medienservice Fax: +49 (0)30-2093 2704 Unter den Linden 6 [EMAIL PROTECTED] D-10099 Berlin _______________________________________________________________
------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ OpenCA-Devel mailing list OpenCA-Devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-devel