Jack Disu wrote:
>
> hi
> I am using openca-0.9.1-RC3. It works fine, with the mail
> problem as already discussed.
> Also there is a little problem in the renewed request: in the RA,
> when I view a certificate and edit the CSR and press "renewed
> request", it prompts me to edit/approve/delete from the RA.
> When I approve sign (with/without) it is working; at the CA
> I issued the new certificate.
>
> But when I just say "Renewed certificate", in the CA
> in the field renewed certificate it shows, but it cannot
> issue the cert. The subject altName field is
> missing. Also the renewed request is not editable at the RA.
I found a small bug which explains the behaviour. renewCSR always copies
the subjectAlternativeName from the original request into the header of
the renew request. This is a bug if the subject alternative name is not
present in the old request.
I attached a fixed renewCSR.
Best regards,
Michael
--
-------------------------------------------------------------------
Michael Bell Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter Email: [EMAIL PROTECTED]
Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482
Unter den Linden 6 Fax: +49 (0)30-2093 2959
10099 Berlin
Germany http://www.openca.org
## OpenCA - RA Server Command
## (c) 1998-2001 by Massimiliano Pala and OpenCA Group
##
## File Name: renewCSR
## Brief: renew Request
## Description: renew an approved request
## Parameters: key

my $cmdName = "renewCSR";

if ( $cmd !~ /$cmdName/i ) {
    configError( "Wrong Command Usage ($cmd over $cmdName)!" );
    exit 1;
}

## To approve a Request, we need it signed by the RA operator
my $beginHeader = "-----BEGIN HEADER-----";
my $endHeader   = "-----END HEADER-----";

## Get the parameters
my $key = $query->param('key');
my $req = $db->getItem( DATATYPE=>"REQUEST", KEY=>$key);

## If the request does not exist in the database, report an error
if( not $req ) {
    configError("Error: Request ($key) Not found (database errorcode ".
                $db->errno().")!".$db->errval);
}

my $parsed = $req->getParsed();
my ( $head, $text, $newREQ, $format );

## Get the Operator Serial Number ( Watch out, only authorized
## people should get here in, please verify your web configuration,
## this is not matter of this program but access control )
$parsed->{HEADER}->{OPERATOR} =
    ( $ENV{'SSL_CLIENT_CERT_SERIAL'} or $ENV{'SSL_CLIENT_M_SERIAL'});
if( $parsed->{HEADER}->{OPERATOR} eq "" ) {
    $parsed->{HEADER}->{OPERATOR} = "n/a";
} else {
    ## pad the hex serial to an even number of digits
    if ( length( $parsed->{HEADER}->{OPERATOR} ) % 2 ) {
        $parsed->{HEADER}->{OPERATOR} = "0" . $parsed->{HEADER}->{OPERATOR};
    }
}

## The serial of the renew request is derived from the number of
## requests already stored, shifted by ModuleShift and tagged with ModuleID
my $req_elements = $db->elements (DATATYPE => "REQUEST");
if ((not defined $req_elements) or ($req_elements < 0)) {
    generalError ("Database fails during counting the already existing requests!",
                  669);
} else {
    $req_elements++;
}
my $new_serial = ($req_elements << getRequired ("ModuleShift")) | getRequired ("ModuleID");

## Set new header
$head  = "$beginHeader\n";
$head .= "TYPE = $parsed->{TYPE}\n";
$head .= "RA = $parsed->{HEADER}->{RA}\n";
$head .= "SERIAL = ".$new_serial."\n";
$head .= "RENEW = ".$req->getSerial()."\n";
$head .= "OPERATOR = $parsed->{HEADER}->{OPERATOR}\n"
    if ($parsed->{HEADER}->{OPERATOR});
$head .= "NOTBEFORE = ".$tools->getDate()."\n";
$head .= "PIN = $parsed->{HEADER}->{PIN}\n";
$head .= "SUBJECT = $parsed->{HEADER}->{SUBJECT}\n"
    if ($parsed->{HEADER}->{SUBJECT});
## Copy the subjectAltName only if the original request carries one;
## an empty SUBJECT_ALT_NAME line makes the renew request unusable at the CA
$head .= "SUBJECT_ALT_NAME = $parsed->{HEADER}->{SUBJECT_ALT_NAME}\n"
    if ($parsed->{HEADER}->{SUBJECT_ALT_NAME});
$head .= "ROLE = $parsed->{HEADER}->{ROLE}\n";
$head .= "$endHeader\n";

if ( $parsed->{TYPE} =~ /(PKCS#10|IE)/ ) {
    $format = "PEM";
} else {
    $format = "SPKAC";
}

$text = $parsed->{BODY};
my $keypair = $parsed->{KEY};

## Create a new REQ object (if we modified something we should
## store modifications) and save the value.
$newREQ = $head . $text . $keypair;
my $item = new OpenCA::REQ( SHELL=>$cryptoShell, DATA=>$newREQ,
                            INFORM=>$format);
if( not $item ) {
    configError( "Cannot create a new REQ object." );
}

if( not $db->storeItem( DATATYPE=>"RENEW_REQUEST", MODE=>"INSERT",
                        KEY=>$new_serial, OBJECT=>$item ) ) {
    configError( "Error while storing REQ ($dbDir)!" );
}

## Hand over to viewCSR to display the freshly stored renew request
$cmd = "viewCSR";
$query->param ('key', $new_serial);
$query->param ('dataType', "RENEW_REQUEST");
my $command = getRequired ('CgiCmdsPath')."/$cmd";
require "$command";
exit $?;
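An added example, not part of Michael Bell's attached script or of OpenCA itself: a stand-alone Perl script that builds the RENEW_REQUEST header the way the fixed renewCSR does (writing SUBJECT_ALT_NAME only when the original request has one) and a strict header parser that rejects the empty-value line the old version produced. Field names and delimiters follow the script above; the sample request, serials and date are constructed, and the KEY = VALUE layout is the only header structure assumed.

```perl
use strict;
use warnings;

# Delimiters of the OpenCA request header block (as in renewCSR above).
my $BEGIN = "-----BEGIN HEADER-----";
my $END   = "-----END HEADER-----";
# Build the RENEW_REQUEST header from a parsed request. Optional fields are
# written only when they carry a value; the unconditional copy of
# SUBJECT_ALT_NAME was the bug that produced a "SUBJECT_ALT_NAME = " line.
sub build_renew_header {
    my ($parsed, $new_serial, $old_serial, $date) = @_;
    my $h = $parsed->{HEADER};
    my @lines = ("TYPE = $parsed->{TYPE}", "RA = $h->{RA}",
                 "SERIAL = $new_serial", "RENEW = $old_serial");
    push @lines, "OPERATOR = $h->{OPERATOR}" if $h->{OPERATOR};
    push @lines, "NOTBEFORE = $date", "PIN = $h->{PIN}";
    for my $opt (qw(SUBJECT SUBJECT_ALT_NAME)) {
        push @lines, "$opt = $h->{$opt}" if defined $h->{$opt} && length $h->{$opt};
    }
    push @lines, "ROLE = $h->{ROLE}";
    return join("\n", $BEGIN, @lines, $END) . "\n";
}

# Strict consumer-side parser: dies on a malformed or empty-valued line
# instead of silently storing an empty subjectAltName.
sub parse_header {
    my ($text) = @_;
    my ($block) = $text =~ /\Q$BEGIN\E\n(.*?)\Q$END\E/s or die "no header block\n";
    my %hdr;
    for my $line (split /\n/, $block) {
        my ($k, $v) = $line =~ /^([A-Z_]+)\s*=\s*(.*)$/
            or die "malformed header line: '$line'\n";
        die "empty value for $k\n" if $v eq '';
        $hdr{$k} = $v;
    }
    return \%hdr;
}
# Constructed sample: an approved PKCS#10 request without a subjectAltName.
my %parsed = (TYPE => 'PKCS#10', HEADER => { RA => 'Demo RA', PIN => '1234',
              ROLE => 'User', SUBJECT => 'CN=Jack Disu,O=Example', OPERATOR => '0a' });
my $hdr = build_renew_header(\%parsed, 4097, 17, '2003-01-01');
my $got = parse_header($hdr);
die "SAN must be absent"  if exists $got->{SUBJECT_ALT_NAME};
die "serial bookkeeping"  unless $got->{SERIAL} == 4097 && $got->{RENEW} == 17;

# Reproduce the pre-fix output and show the parser rejecting it.
(my $buggy = $hdr) =~ s/\nROLE = /\nSUBJECT_ALT_NAME = \nROLE = /;
eval { parse_header($buggy) };
print $@ ? "rejected pre-fix header: $@" : "pre-fix header accepted?!\n";
```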