Hi again,
We have been trying to find out what the problem could be when we tried
to sign an Approve Request on the RA. However we still get that 6206
error, more exactly we get the 7911031 error. The strange thing is
that if I send the certificate without signing it to the CA (Approve
Request without Signing) and I sign it in the CA, the certificate is
generated well.
The problem only stays in certificates with weird characters (for
instance áéíóúñÑü...). If those characters don't appear in the Approve
Request on RA it works correctly.
We're using OpenCA 0.9.2.4++ with complete support for utf8 on Debian
Linux Testing (openssl 0.9.8a). We've done additional tests such as
changing the database characters set to different kinds of utf8,
although we didn't succeed either. We've done tests with different ways
to access the database (DBI and DB) too.
Furthermore, you can't see anything wrong inside the error file
(/usr/local/openca/openca/var/log/stderr.log)
The worst of it all is that due to the structure of the source code we
don't know exactly where we can try to find the origin of the trouble,
and what's more, we believe that it could be caused by some executable
and/or class which uses openssl 0.9.7. We've been searching on the
Internet about this and we've found quite similar problems referring to
the program openca-sv, but our program has covered all the dependencies
in the 0.9.8a version.
In conclusion, when you sign an approve request on the RA with a
certificate with strange characters (supported by utf8), the signing
doesn't work and you get the error we said before. If the certificate is
exported without signing, the signing in the CA works perfectly. In other
words, we think the problem may be in the OpenCA::PKCS7 class although
it's not the one which is pointed to by the error.
If anyone could tell us anything about what we can do or have a look at,
we would be really grateful.
Thank you very much.
Spanish version (translated):
Hello again,
we have kept investigating the error when signing a request on the RA
(Approve Request) and we still get the 6206 error, specifically the
7911031 error. The curious thing is that if I send the certificate
unsigned to the CA (Approve Request without Signing) and sign it on the
CA, the certificate is generated correctly.
The problem lies only in certificates with unusual characters (for
example áéíóúñÑü...); if those characters are not present in the
certificate, the signing request (Approve Request on RA) works
correctly.
We are using OpenCA 0.9.2.4++ with full utf8 support on Debian Linux
Testing (openssl 0.9.8a). We have run additional tests changing the
database character set between various kinds of utf8, with the same
results. We have also switched between, and tested with, DBI and DB
database access.
No error is visible in the error file
(/usr/local/openca/openca/var/log/stderr.log).
The problem is that, because of the architecture of the source code, we
don't really know where to look for the problem, and we believe it may
be some executable and/or class that uses openssl 0.9.7. I searched the
Internet and found similar problems relating to the openca-sv program,
but that program has all its dependencies on the library at version
0.9.8a.
In summary:
When signing a certificate request on the RA, with a certificate
containing strange characters (supported by utf8), the signing does not
work and gives the error mentioned above. If the certificate is exported
without signing, signing on the CA works correctly. That is, we believe
the problem may be in the OpenCA::PKCS7 class, although it is not the
one the error mentions.
If anyone has any idea where we could keep looking for the solution, I
would be very grateful.
Regards to all.
_______________________________________________
Openca-Users mailing list
https://lists.sourceforge.net/lists/listinfo/openca-users