Hi John,
To counter this problem, we thought we would use two separate files, one for upload/receive and another for download/enroll. Is this an appropriate solution? This means the file target for EXPORT_IMPORT_DOWN_IMPORT is different than EXPORT_IMPORT_DOWN_EXPORT, for example. However, it appears that there is only one @__DEVICE__@ variable for both. Is it possible to create user defined variables in the servers .conf.template files? Is it possible to define these variables in config.xml like the @__DEVICES__@ parameter is defined?
You can safely ignore the DEVICE Variable, if you change the values of the EXPORT_IMPORT commands and do not use DEVICE here - so that should not be a problem.
Even if this works to eliminate the overwrites described above, we see yet another possible problem. What if two CA Operators, for example, enroll data to the same RA? Is data lost? I suspect not. Does the enrolled tar contain all data and the RA sorts out what is new and what is already in the database when it downloads? Or does the enrolled tar contain only limited information and accidentally overwriting it with a second enroll from the same CA will actually lose data?
Actually I dont know exactly how OpenCA determines what certitifactes to export, but I unfortunatley think that we have a kind of race condition here :(
I will try to figure this out... Oliver -- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72
smime.p7s
Description: S/MIME Cryptographic Signature
