I use OpenCA 0.9.1.3, and I had the same problem too. I commented the line
$ret->{SERIAL} = hex ($ret->{SERIAL});
in X509.pm, and now I get right serials. In fact, it seems that 'getCertAttribute', which is called above, returns a decimal value, not a hexadecimal one. (I checked it with a simple 'print $ret->{SERIAL}').
Anyway, I haven't fully understood this behaviour: this subroutine should call 'openssl' command, which should return a hexadecimal value (if I run 'openssl x509 -in 0A.pem -noout -nameopt RFC2253 -serial', I get a hexadecimal value: 'serial=0A') ... maybe there is another hex() conversion somewhere in OpenCA code?
You understand correctly what's going on. OpenCA had to perform the hex conversion by itself until we wrote the appropriate layer. After this happens we released 0.9.1.0 but forgot to remove the additional hex conversion. After the shipping of 0.9.1.0 it is forbidden to fix this because this fix would break the internal database if somebody updates from such an early 0.9.1. This is the reason why we cannot fix this issue in 0.9.1. The issue will be fixed in 0.9.2. Which requires a database backup and restoration at all.
The system itself cannot be corrupted because of this error!
Michael -- ------------------------------------------------------------------- Michael Bell Email: [EMAIL PROTECTED] ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482 (Computing Centre) Fax: +49 (0)30-2093 2704 Humboldt-University of Berlin Unter den Linden 6 10099 Berlin Email (private): [EMAIL PROTECTED] Germany http://www.openca.org
------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
