I can assure you that autosscep works correctly with openca. We use it routinely with at least 30 connections. The code from sscep has been fixed within. But of course my comment could be biased. Merry Christmas to everyone! Paolo
> -----Messaggio originale----- > Da: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] conto di Martin > Bartosch > Inviato: mercoled� 22 dicembre 2004 15.02 > A: [email protected]; > [email protected] > Oggetto: [Openca-Users] SCEP command line client problems (sscep, > scepclient) > > > Hi, > > during the past days I have been busy trying to get a command line > interface SCEP client to work with OpenCA. > I tried the current versions of sscep (C) and scepclient (Java). > (I did not try autoscep yet partly because I think it will suffer > from the same problems as sscep) > > My question is: has anybody successfully used one of the above > SCEP clients with OpenCA? > If yes I'd like to hear about experience on this. > > ---- > My setup: OpenCA 0.9.2.1. SCEP certificate key usage: > X509v3 Key Usage: critical > Digital Signature, Non Repudiation, Key Encipherment, Data > Encipherment > ---- > > My observations so far: > > sscep dies in OpenSSL function PKCS7_encrypt() with a SIGSEGV > without sending a single byte to the SCEP server: > > ../sscep enroll -u http://xxxxxxx/cgi-bin/scep/scep -k local.key -r > local.csr -c cacert-0 -l mycert.pem -v > ../sscep: starting sscep, version 20030417 > ../sscep: hostname: xxxxxxxxxx > ../sscep: directory: cgi-bin/scep/scep > ../sscep: port: 80 > ../sscep: new transaction > ../sscep: transaction id: 9BDABF5D6EA7B960083001D7C0110791 > ../sscep: generating selfsigned certificate > ../sscep: SCEP_OPERATION_ENROLL > ../sscep: sending certificate request > ../sscep: creating inner PKCS#7 > ../sscep: data payload size: 418 bytes > Segmentation fault > > After some debugging with gdb in the sscep code I stopped digging > further. Data passed to the encrypt function seems to be OK. > No idea why it dies, then. > > Moving to the Java scepclient: > I have had more luck with the scepclient Java implementation (0.1). > Unfortunately the scepclient implementation does not handle > chunked encoding (HTTP/1.1) and dies with an Array-out-of-bounds > exception. Reason is that connection.getContentType() returns -1 > for chunked encoding and the Java code then tries to allocate > a byte array of length -1... > > After a rudimentary fix in the Java code, a SCEP CSR request is > finally successfully inserted into the OpenCA database. > > Unfortunately the scepclient dies when reading the response of the > SCEP server. > > Any help (tip, howto, faq, doc, experience) is appreciated. > > cheers > > Martin > > > > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://productguide.itmanagersjournal.com/ > _______________________________________________ > Openca-Users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openca-users > ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
