Solaris 10 (SPARC)
openca-base-1.1.0 with patches at
http://mm.cs.dartmouth.edu/wiki/index.php/OpenCA_PKI_v1.1.0
Postgres back end


I'm attempting to track down a bug in the backup/restore routines
on the node interface.
On the CA side, if I back up the database, initialize the database,
and restore the database, all the valid certificates are now revoked.

If I untar the file used to restore into a temp directory and
then do another backup and untar it into another directory, I can 
do a gdiff -ru and see things like this
..........
diff -ru good/CA_CERTIFICATE/VALID/c2612d9e93024b7e82d791113e836c661366cf43.pem 
bad/CA_CERTIFICATE/VALID/c2612d9e93024b7e82d791113e836c661366cf43.pem
--- good/CA_CERTIFICATE/VALID/c2612d9e93024b7e82d791113e836c661366cf43.pem      
2010-09-19 10:02:36.000000000 -0700
+++ bad/CA_CERTIFICATE/VALID/c2612d9e93024b7e82d791113e836c661366cf43.pem       
2010-09-19 10:12:11.000000000 -0700
@@ -1,5 +1,6 @@
 -----BEGIN HEADER-----
 CSR_SERIAL=-1
+EXPIRED_AFTER=Sun Sep 19 17:11:05 2010
 -----END HEADER-----
 
 -----BEGIN CERTIFICATE-----
..........

and this
..........
diff -ru good/CERTIFICATE/VALID/195722417019527870820884.pem 
bad/CERTIFICATE/VALID/195722417019527870820884.pem
--- good/CERTIFICATE/VALID/195722417019527870820884.pem 2010-09-19 
10:02:41.000000000 -0700
+++ bad/CERTIFICATE/VALID/195722417019527870820884.pem  2010-09-19 
10:12:16.000000000 -0700
@@ -1,6 +1,7 @@
 -----BEGIN HEADER-----
 PIN=1bcbb068fb9ed4189ab745ed3e954e011f208f81
 CSR_SERIAL=256
+REVOKED_AFTER=Sun Sep 19 17:11:36 2010
 LOA=3
 ROLE=User
 -----END HEADER-----
..........

The dates on the EXPIRED_AFTER= and REVOKED_AFTER= lines are always
the time of restore.

Any idea which file (program) is adding these on restore?

I also noticed that the initialize database option in the Backup/Restore
menu did not have the mode=FORCE option. Was this intended?

Thanks.

-- 
Tim Rice                                Multitalents    (707) 887-1469
t...@multitalents.net



_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel
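
An added example (not part of the original post and not OpenCA code): a Python version of the gdiff comparison described above. It reports REVOKED_AFTER/EXPIRED_AFTER header fields that appear only in the second unpacked backup tree on objects still filed under a VALID directory. The header layout and directory names come from the diffs in the post; the function names, the `sample.pem` file and the constructed trees in `demo()` are assumptions for illustration.

```python
import os
import tempfile

STATE_KEYS = ("REVOKED_AFTER", "EXPIRED_AFTER")  # the two fields seen in the diffs

def parse_header(text):
    """Return the KEY=VALUE pairs between the BEGIN/END HEADER markers."""
    fields, inside = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line == "-----BEGIN HEADER-----":
            inside = True
        elif line == "-----END HEADER-----":
            break
        elif inside and "=" in line:
            key, value = line.split("=", 1)
            fields[key] = value
    return fields

def load_tree(root):
    """Map 'TYPE/STATUS/name.pem' to its header dict for every .pem under root."""
    tree = {}
    for dirpath, _, names in os.walk(root):
        for name in (n for n in names if n.endswith(".pem")):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, encoding="utf-8", errors="replace") as fh:
                tree[rel] = parse_header(fh.read())
    return tree

def state_drift(before_root, after_root):
    """List (path, key, value) for state fields new in after_root on VALID objects."""
    before, after = load_tree(before_root), load_tree(after_root)
    findings = []
    for rel, fields in sorted(after.items()):
        if "VALID" not in rel.split("/")[:-1]:
            continue  # only objects the backup still files as valid
        old = before.get(rel, {})
        findings += [(rel, k, fields[k]) for k in STATE_KEYS
                     if k in fields and k not in old]
    return findings

def demo():
    """Build two constructed trees (assumed sample data) and compare them."""
    hdr = "-----BEGIN HEADER-----\nCSR_SERIAL=256\n{}LOA=3\n-----END HEADER-----\n"
    with tempfile.TemporaryDirectory() as tmp:
        for side, extra in (("good", ""), ("bad", "REVOKED_AFTER=Sun Sep 19 17:11:36 2010\n")):
            d = os.path.join(tmp, side, "CERTIFICATE", "VALID")
            os.makedirs(d)
            with open(os.path.join(d, "sample.pem"), "w") as fh:
                fh.write(hdr.format(extra))
        return state_drift(os.path.join(tmp, "good"), os.path.join(tmp, "bad"))
```

Running `state_drift()` on the two untarred directories before trusting a restore shows which objects picked up a state field while remaining under VALID.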
