Hello,
I installed ocspd-1.9.0 on my gentoo system and had some problems with
it:
* When I left out a server_cert in the one and only CA section
(dbms_file) of the configfile, ocspd skipped that section and could
not answer requests for that CA.
* When I specified a server_cert I got segmentation faults caused by
line 735 of src/hash-db.c.
I had a closer look at what is going on and the following patch solves
my problems:
diff --git a/src/hash-db.c b/src/hash-db.c
index 0528d35..5dc27c8 100644
--- a/src/hash-db.c
+++ b/src/hash-db.c
@@ -727,8 +727,9 @@ STACK_OF(CA_ENTRY_CERTID) *ocspd_CA_ENTRY_CERTID_new (
if( cid ) OPENSSL_free (cid);
return (NULL);
};
- cid->hashAlgorithm = (X509_ALGOR *) OBJ_nid2obj(nid);
- if(cid->hashAlgorithm == NULL) {
+ cid->hashAlgorithm = X509_ALGOR_new();
+ cid->hashAlgorithm->algorithm = OBJ_nid2obj(nid);
+ if(cid->hashAlgorithm->algorithm == NULL) {
if( cid ) OPENSSL_free (cid);
return (NULL);
};
Version 2.0.0 still has similar code in src/ocspd/config.c and probably
it also needs some handling. Currently, I cannot test version 2.0.0 as
I do not yet understand how all the new configfiles work together.
Best regards,
Dirk
------------------------------------------------------------------------------
Forrester recently released a report on the Return on Investment (ROI) of
Google Apps. They found a 300% ROI, 38%-56% cost savings, and break-even
within 7 months. Over 3 million businesses have gone Google with Google Apps:
an online email calendar, and document program that's accessible from your
browser. Read the Forrester report: http://p.sf.net/sfu/googleapps-sfnew
_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel
