Martin Bartosch wrote:
Hi,

in our test system I used the "Rebuild OpenSSL database and next serial
number" function to recreate the index.txt file.

After this was successfully performed, I noticed that the revocation date
in index.txt was destroyed, leading to errorneous CRLs:

Revoked Certificates:
    Serial Number: 03
        Revocation Date: Dec 31 23:59:59 1999 GMT
    Serial Number: 04
        Revocation Date: Dec 31 23:59:59 1999 GMT
    Serial Number: 05
        Revocation Date: Dec 31 23:59:59 1999 GMT
[...]

Bug or misconfiguration?

Bug. This is the erroneous code in crypto-utils.lib.
-------------------------------------------
$hash {DATE_2} = "991231235959Z";
my $h = 99991231235959;
foreach my $value (@result) {
if ($h > $cryptoShell->getNumericDate ($value->getParsed ()->{SUBMIT_DATE})) {
$h = $cryptoShell->getNumericDate ($value->getParsed ()->{SUBMIT_DATE});
$hash {DATE_2} = $cryptoShell->getOpenSSLDate ($value->getParsed ()->{SUBMIT_DATE});
}
}
--------------------------------------------
Can you take a look into the data and header fields of the revoked certificate in the database? Perhaps we use the wrong field or wrong object.


Michael
--
_______________________________________________________________

Michael Bell                    Humboldt-Universitaet zu Berlin

Tel.: +49 (0)30-2093 2482       ZE Computer- und Medienservice
Fax:  +49 (0)30-2093 2704       Unter den Linden 6
[EMAIL PROTECTED]   D-10099 Berlin
_______________________________________________________________


------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ OpenCA-Devel mailing list OpenCA-Devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-devel

Reply via email to