Sergei Vyshenski wrote:
Dear developers, Max,
Hi Sergei,
1. As it happens, patch submitted by me yesterday, is meant for OCSP
[...]
openca_0_9_2 openca-0.9
I shall check this and merge the OCSP code into the 0_9_2 branch. The code is now stable and it is reported to be quite portable to other systems other than linux too.
This patch solves 1) OpenSSL-0.9.8 compatibility and 2) corrects UTF8 related handling of data.
I understand. I actually fixed the OpenSSL-0.9.8 compatibility (simply on 0.9.8 series you need the libdl linked together with the code in order to work properly).
2. Newest version of OCSP (1.0.5), distributed separately from OpenCA: 1) compiles for me with OpenSSL-0.9.8 without any problem, 2) to my
I had a problem with the -ldl missing library and some warnings I fixed, nice to see you guys had no such issues.
vision does not need any UTF8 related changes in data handling, 3) has
:-D Great...
start-up script hard-coded towards ATT-like Unixes which makes it very hard to launch the OCSP on BSD-like Unixes.
Yes, I am going to fix this too.
3. Do you think that stable 0.9.2 branch of OpenCA should either 1) get a patched 0.5.1 version of OCSP, or 2) get a newest version of OCSP, or 3) any OCSP version be removed from stable 0.9.2 branch of OpenCA - to be distributed separately.
I am thinking about stripping the OCSP server out of the main distribution as it is an additional service. It could also be simpler for an admin to update to new versions if it is distributed separately. On the other hand, having all extensions in a single package could help the "lazy" people to test services they have not yet investigated... :-D
I am asking because now we are finishing relatively big revision of the stable branch: overall UTF8 support is there at long last, and some overall system aspects are changed towards more simple and robust i18n handling. Hopefully soon pending bugs in SCEP will be resolved. Then after some quarantine it could be reasonable to make a new release of stable branch.
Yes...
Also business plans of my company need a *working* stable release with reasonably full i18n support. This is necessary to launch formal registration procedure, enabling legal use of OpenCA in Russia.
Please post the bugs/new-features and we can work together on those too...
I will check-in the code hopefully today for the new version of the OCSP
that will have also an improved support for HTTP data retrieval (CRL/CA Certs).
Another aspect I have worked on is the usage of the MEM_BUF_* structures
instead the old approach of fixed sized buffers.
If tests on the new codebase are successful, then we can finally have a new
release of the code, probably v1.1.
--
Best Regards,
Massimiliano Pala
--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
Tel.: +39 (0)11 564 7081
http://security.polito.it Fax: +39 178 270 2077
Mobile: +39 (0)347 7222 365
Politecnico di Torino (EuroPKI)
Certification Authority Informations:
Authority Access Point http://ca.polito.it
Authority's Certificate: http://ca.polito.it/ca_cert/en_index.html
Certificate Revocation List: http://ca.polito.it/crl02/crl.crl
--o------------------------------------------------------------------------
smime.p7s
Description: S/MIME Cryptographic Signature
