The OCSP server 6.1 (and 6.2) appears to have a bug in the configuration.c file. When the CRL is initially loaded, the lastUpdate and nextUpdate values are set. But on a reload, those values are not updated... here's the diff for the change I made to fix this on my box.
-Devon
% diff -c configuration.c.orig configuration.c *** configuration.c.orig Thu Sep 23 09:48:07 2004 --- configuration.c Fri Jan 14 16:21:25 2005 *************** *** 397,402 **** --- 397,415 ---- continue; }
+ /* Copied the lastUpdate and nextUpdate from above so
+ these values get updated to match the recently loaded
+ crl. Now the check_crl_validity should be correct. */
+
+ /* Now we copy the lastUpdate and nextUpdate fields */
+ a->lastUpdate = M_ASN1_TIME_dup (
+ X509_CRL_get_lastUpdate(crl));
+
+ a->nextUpdate = M_ASN1_TIME_dup (
+ X509_CRL_get_nextUpdate(crl));
+
+ a->crl_status = check_crl_validity ( a );
+
/* Let's get the CRLs entries, if any */
if( ocspd_build_crl_entries_list ( a, crl ) == NULL ) {
syslog(LOG_ERR, "No Entries for CRL [ %s ]",
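Review bot: The new assignments to a->lastUpdate and a->nextUpdate overwrite whatever the initial load stored there without freeing it, so if this is the reload path described in the message, every CRL reload leaks two ASN1_TIME objects; free the previous values (for example with ASN1_TIME_free) before storing the new duplicates. The results of M_ASN1_TIME_dup are also passed straight into check_crl_validity ( a ) with no NULL check, so an allocation failure would leave crl_status computed from a missing lastUpdate or nextUpdate; log the failure and skip this CRL entry instead. The first added comment ("Copied ... from above") points at duplicated code, which suggests moving the copy and validity check into one helper called from both the load and reload paths.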
--
--Please send plain text whenever possible-----------------
Devon Heron | |
Security Technology Group (PKI Dev-test) :|: :|:
Tel: 831/461-8738 :|||: :|||:
email: [EMAIL PROTECTED] .:|||||||:..:|||||||:.
------------------------------------------ CiscoSystems ----
"Love does not delight in evil but rejoices with the truth."
1 Corinthians 13:6
