OK, if I sign a CRR I sign it with a ra admin cert with serial "7", the
sub CA has certificate "4", I get 4 overflow errors in the log. The
message that the "signature is correctly verified" is displayed.
If I approve the CRR without signing then I get no overflow errors. But
as this is a production server I need to sign the CRRs
It does seem like it is a problem paresing the signature.
Any other ideas ?
Chris...
Chris Covell wrote:
Many thanks for your comments guys,
Looking into it i am seeing the errors when approving CRRs, singing them
with a certificate.
i shall take Martins's advice and have a look at the database for the
CRR (they all seem to cause problems). I shall try it without signing
the approval too.
Juergen's point is also a good one, the certifciate I am using to
approve the CRRs is from a hierachical PKI, one of the serials numbers
may be a bit funny !
Chris...
Johnny Gonzalez wrote:
Hello Chris,
I have seen that message several times, but until now
it haven't been any problem, it appears after
approving CSRs.
As you say so, it appears for very low serial numbers,
so I guess this could be a bug in perl libraries.
Regards,
Johnny
--- Chris Covell <[EMAIL PROTECTED]> escribió:
Guys,
Openca 0.9.2.2
Openssl 0.9.7
Have any of you ever seen this in the stderr.log ?
Integer overflow in hexadecimal number at
/usr/local/ca001_pki/modules/perl5/OpenCA/PKCS7.pm
line 392.
The last certificate issued was serial 5368 (0x14F8)
The last certificate revoked was serial 3366 (0xD26)
surely these are not such big numbers to overflow ?
Is this a bug as I have duplicated the error in a test script and the
lowest integer I get to cause the overflow is 100000000 ! I am nowhere
near that serial number !
Chris...
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content,
downloads, discussions,
and more.
http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel
______________________________________________ Renovamos el Correo
Yahoo! Nuevos servicios, más seguridad http://correo.yahoo.es
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel
