Michael, >> I think I shall also try and write out the serials to the stderr.log so >> that I can see what the numbers are that are overflowing. This patch >> (should) fix the symptoms but not the cause ! > > Sorry Chris, but the cause is our poor handling of cert and other big > serials. Alexei had the idea how to solve the issue (see the Debian > patches) but perhaps I forgot several points where I convert serials in > the code.
OK, I have looked hard at this, and the patch does fix the cause and the symptoms !!! I had not noticed that the root CA has a 16 digit hex serial (I was sure all my other PKI root ca certs had a serial of 0). So, it is a big number, so the management of the big number in the serial is what we need to do. Many thanks, I shall be applying the patch to my live system soon. Chris... ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ OpenCA-Devel mailing list OpenCA-Devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-devel
