On Fri, Oct 14, 2005 at 10:52:09AM +0200, Michael Bell wrote: > Date: Fri, 14 Oct 2005 10:52:09 +0200 > From: Michael Bell <[EMAIL PROTECTED]> > To: [email protected] > Reply-To: [email protected] > Subject: Re: [Openca-Users] Recovery issue > > Marcel Koopmans wrote: > >Hello Everbody, > > > >I have an issue with recovery of openca. > >I was running openca 0.9.2.2 on Debian 3.1 ( PowerPC ) > >I have build openca 0.9.2.4 on Debian 3.1 ( x86 ) > > > >To move & upgrade my CA I did... > > > >1) Old node of ca/ra I made a backup. > >2) Configure config.xml and run configure_etc.sh > >3) Copy var/crypto/keys/cakey.pem > >4) run openca_start > >5) New node of ca/ra... > > Administration->Backup and Recovery > > Initialize Database ( ok ) > > Restore Database ( ok ) > > Rebuild OpenSSL's database and next serialnumber > > > >---Issue--- > > > >Try to recover OpenSSL's index database > >(Please wait until operation completes) > >Create backups of index.txt and serial ... > > > >/home/openca/offline/Elysium_Open_Systems_root_CA/var/crypto/index.txt > > > >/home/openca/offline/Elysium_Open_Systems_root_CA/var/crypto/serial > > > >Loading the Objects ... > > > >VALID_CA_CERTIFICATE: 7FFFFFFF > > > > > > > > Error 700 > > General Error The compilation of the command > >cmdRebuildOpenSSLindexDB failed. panic: array extend at > >/home/openca/offline/Elysium_Open_Systems_root_CA/lib/functions/crypto-utils.lib > > > >line 374. > > Can this be an integer overflow for Perls array index? The following > sprintf statement looks for me like we found the next issue with big > serials: > > sprintf ("%lX", $value->getSerial()); > > Perhaps we have to use Math::BigInt here too. I think I have to check > Alexei's Debian patches again and if I'm back from the workshop then we > have to commit them to the stable release tree. BTW Alexei, can you > commit them by yourself? Do you mean to the openca-0.9.2 branch? I'll need some time to check them once again and I'd like you to review those pathces. Cause I don't want to break something unintentionally. Best wishes
-- Alexei Chetroi Smile... Tomorrow will be worse. (c) Murphy's Law ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
