Michael, >> I think I shall also try and write out the serials to the stderr.log so >> that I can see what the numbers are that are overflowing. This patch >> (should) fix the symptoms but not the cause ! > > Sorry Chris, but the cause is our poor handling of cert and other big > serials. Alexei had the idea how to solve the issue (see the Debian > patches) but perhaps I forgot several points where I convert serials in > the code.
I am a bit confused, as I have looked at the pkcs7 sig attatched to the CRR (from the database) through OpenSSL and the serials of the certificate used to sign and the CA cert are very low (07 and 04) so I don't know where the BIG integers come from. > Perhaps it would be the best way to apply the Debian patches for bigints > to the general source tree. Probably a good idea. I must admit that as I don't use Debian, i ignored the patches thread. Chris... ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ OpenCA-Devel mailing list OpenCA-Devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-devel
