Alexei Chetroi wrote:
I've tried with "char *" in OpenSSL.xs, but it still doesn't work, because 'sprintf("%lx", getSerial())' is overflowed, returning FFFFFFFF as serial number. So, I've tried "Math::BigInt lib =>'GMP'" as Martin proposed, got better results. Serial number is correctly converted, but crypto-utils failed at line 369:
$index [$value->getSerial()] = \%hash;
with this error message: General Error The compilation of the command cmdRebuildOpenSSLindexDB failed. Modification of non-creatable array value attempted, subscript -1 at /usr/share/openca/functions/crypto-utils.lib line 369.
I've changed line 369 to:
$index ["$value->getSerial()"] = \%hash; Now it is better, here's result of OpenSSL index rebuild:
Loading the Objects ...
VALID_CA_CERTIFICATE: b6aeb51cd84562f2
Writing index.txt (/var/lib/openca/crypto/index.txt) ...
V 050324113528Z b6aeb51cd84562f2 unknown /C=MD/O=Uniflux-Line/OU=Trust Center/CN=Certification Authority/[EMAIL PROTECTED]
Writing serial /var/lib/openca/crypto/serial ...FFFFFFFF
So wherever getSerial() is treated as integer by perl, it is overflowed.
The problem is a sprintf statement again. Can you fix this with Martin's workaround too?
$max = sprintf ("%lX", $max);
$max = "0".$max if (length ($max) % 2);If you can fix it then we could build a patch for crypto-utils.lib. Perhaps we should create some extreme testcases for the new testenvironment in the CVS head.
The problem is in fact really huge because we have to change perhaps our complete database code. PKIX requires 20 byte serial numbers. We only support today 8 byte integers. Does somebody know how lexical ordering on integers work? Does it sort correctly?
Michael -- _______________________________________________________________
Michael Bell Humboldt-Universitaet zu Berlin
Tel.: +49 (0)30-2093 2482 ZE Computer- und Medienservice Fax: +49 (0)30-2093 2704 Unter den Linden 6 [EMAIL PROTECTED] D-10099 Berlin _______________________________________________________________
smime.p7s
Description: S/MIME Cryptographic Signature
