Re: [OpenCA-Devel] CA Certificate serial number.

Thu, 24 Mar 2005 04:52:50 -0800 

On Mon, Mar 21, 2005 at 09:35:19AM +0100, Michael Bell wrote:
> Date: Mon, 21 Mar 2005 09:35:19 +0100
> From: Michael Bell <[EMAIL PROTECTED]>
> Subject: Re: [OpenCA-Devel] CA Certificate serial number.
> 
> Alexei Chetroi wrote:
> 
 [ snip ]

> >If I understand correctly, 20 octets won't fit into long long int.
> 
> Yes, but (char *) can handle it now.
> 
> >If we change RETVAL to char *, does it mean that we shouldn't use
> >sprintf in crypto-utils.lib?
> 
> The "problem" is that OpenSSL returns decimal encoded serial numbers. I 
> use sprintf %llX to convert decimal numbers to hexadecimal numbers. If 
> you know how we can convert without %X then we can solve the complete 
> issue. Actually I don't know a replacement for %X.

  I've tried with "char *" in OpenSSL.xs, but it still doesn't work,
because 'sprintf("%lx", getSerial())' is overflowed, returning FFFFFFFF
as serial number. So, I've tried "Math::BigInt lib =>'GMP'" as Martin
proposed, got better results. Serial number is correctly converted, but
crypto-utils failed at line 369:

    $index [$value->getSerial()] = \%hash;

with this error message:
General Error The compilation of the command cmdRebuildOpenSSLindexDB
failed. Modification of non-creatable array value attempted, subscript
-1 at /usr/share/openca/functions/crypto-utils.lib line 369.

I've changed line 369 to:

    $index ["$value->getSerial()"] = \%hash;                                    
  
Now it is better, here's result of OpenSSL index rebuild:
Loading the Objects ...

VALID_CA_CERTIFICATE: b6aeb51cd84562f2

Writing index.txt (/var/lib/openca/crypto/index.txt) ...

V 050324113528Z  b6aeb51cd84562f2 unknown /C=MD/O=Uniflux-Line/OU=Trust
Center/CN=Certification Authority/[EMAIL PROTECTED]

Writing serial /var/lib/openca/crypto/serial ...FFFFFFFF

So wherever getSerial() is treated as integer by perl, it is overflowed.

  Best wishes

--
Alexei Chetroi

Smile... Tomorrow will be worse. (c) Murphy's Law


-------------------------------------------------------
This SF.net email is sponsored by Microsoft Mobile & Embedded DevCon 2005
Attend MEDC 2005 May 9-12 in Vegas. Learn more about the latest Windows
Embedded(r) & Windows Mobile(tm) platforms, applications & content.  Register
by 3/29 & save $300 http://ads.osdn.com/?ad_id=6883&alloc_id=15149&op=click
_______________________________________________
OpenCA-Devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-devel

Reply via email to