The following changes in lib/cmds/confirm_revreq make the revocation work as
I expected:

***************
*** 53,61 ****
        my $hashed_crin = $cryptoShell->getDigest ( DATA => $crin, ALGORITHM => 
"sha1" );

        ## get the informations about the crin
!         my $csr_serial = $cert->getParsed()->{HEADER}->{CSR_SERIAL};
!         my $csr = $db->getItem ( DATATYPE => "ARCHIVED_REQUEST", KEY => 
$csr_serial );
!       my $pin = $csr->getParsed()->{HEADER}->{PIN};

        ## check the crin
        if ($pin ne $hashed_crin) {
--- 53,59 ----
        my $hashed_crin = $cryptoShell->getDigest ( DATA => $crin, ALGORITHM => 
"sha1" );

        ## get the informations about the crin
!       my $pin     = $cert->getParsed()->{HEADER}->{PIN};

        ## check the crin
        if ($pin ne $hashed_crin) {
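
Review bot: on the "*** 53,61" side, $csr is dereferenced with $csr->getParsed() directly after $db->getItem ( DATATYPE => "ARCHIVED_REQUEST", ... ), with no check that CSR_SERIAL was present in the certificate header or that the lookup returned an archived request. If either is missing, the code fails on the method call instead of reaching the CRIN check. Suggest testing $csr_serial and $csr and rejecting the revocation request with an error before the "$pin ne $hashed_crin" comparison. The third changed line is also indented differently from the two above it.
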
***************
*** 70,77 ****
                  $info_list->{BODY}->[2]->[0] = gettext ("Please enter the 
CRIN which the owner of the private keys received during the process of issuing 
the certificate.");
                  $info_list->{BODY}->[3]->[0] = gettext ("CRIN code [ 
revocation pin ]");
                  $info_list->{BODY}->[3]->[1] = '<Input type="password" 
name="crin">';
!                 $info_list->{BODY}->[4]->[0] = gettext ("Retype CRIN code [ 
retype revocation pin ]");
!                 $info_list->{BODY}->[4]->[1] = '<Input type="password" 
name="crin2">';

                  $hidden_list->{"cmd"} = "confirm_revreq";
                  $cmd_panel->[0]   = '<input type="submit" name="Submit" 
value="'.gettext ("Continue").'">';
--- 68,75 ----
                  $info_list->{BODY}->[2]->[0] = gettext ("Please enter the 
CRIN which the owner of the private keys received during the process of issuing 
the certificate.");
                  $info_list->{BODY}->[3]->[0] = gettext ("CRIN code [ 
revocation pin ]");
                  $info_list->{BODY}->[3]->[1] = '<Input type="password" 
name="crin">';
!                 $info_list->{BODY}->[3]->[0] = gettext ("Retype CRIN code [ 
retype revocation pin ]");
!                 $info_list->{BODY}->[3]->[1] = '<Input type="password" 
name="crin2">';

                  $hidden_list->{"cmd"} = "confirm_revreq";
                  $cmd_panel->[0]   = '<input type="submit" name="Submit" 
value="'.gettext ("Continue").'">';
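
Review bot: the two changed lines on the "--- 68,75" side assign $info_list->{BODY}->[3] a second time, which overwrites the "CRIN code" label and the name="crin" input set just above them and leaves a form with only the retype field; the "*** 70,77" side uses index [4] and keeps both fields. That matches the fix described in the message only if the diff was generated with the old and new files swapped, so please regenerate it in the right direction or state that it has to be applied in reverse. The same applies to the first hunk.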

--Michi

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On behalf of
Gsandtner Michael *EXTERN*
Sent: Friday, 15 July 2005 12:50
To: [email protected]
Subject: [Openca-Users] CRINs


I have set USE_REQUEST_PIN to YES in etc/servers/ca.conf (which is very
useful, because additional server-generated CRINs are too complicated for
users. Moreover Outlook e.g. cannot decrypt the mail unless it contains X509 V3
extendedKeyUsage=emailProtection, which is not wanted in certificates with
other purposes, e.g. SSL Server)
- in the encrypted CRIN mail I received, the @__SERIAL__@ and @__DN__@ were not
substituted, but appeared exactly as those strings. The mail says correctly I
should use the PIN entered during request generation for revoking the
certificate.
- when I try to revoke the certificate via the pub interface, I first have to
enter the CRIN twice in a form (together with a reason field and the serial
number). After submitting this, I get a similar form, which differs from
the first only in that the CRIN field appears only once ("Again CRIN"). I
entered the correct (100% sure!) PIN (which I entered at CSR generation) 3
times, but I get "Fehler 690: Die CRINs sind verschieden". What's going wrong?
(I can successfully verify the PIN in the ra interface)

Best Regards --Michi

D.I. Michael Gsandtner 
Magistrat der Stadt Wien, MA 14 - ADV Referat EG1 
A 1082 Wien, Rathausstraße 1 
Email: [EMAIL PROTECTED] 
Telefon: +43 1 4000 91640 


_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
