[Openca-Users] Sign problems when we have extrange characters on certificate.

Fri, 02 Dec 2005 10:20:15 -0800 

Hi again,

Sorry for the other mail in Spanish.

We have been trying to find out what the problem could be when we tried
to sign an Approve Request on the RA. However we still get that 6206
error, more exactly we get the 7911031error. The strange thing is
whether I send the certificate without signing it to the CA (Approve
Request without Signing) and y sign it in the CA, the certificate is
generated well.

The problem only stays in certificates with weird characters (for
instance áéíóúñÑü...). If those characters don't appear in the Approve
Request on RA it works correctly.

We're using OpenCA 0.9.2.4++ with complete support for utf8 on Debian
Linux Testing (openssl 0.9.8a). We've done additional tests such as
changing the database characters set to different kinds of utf8,
although we didn't success either. We've done tests with different ways
to access the database (DBI and DB) too.

Furthermore, you can't see anything wrong inside the error file
(/usr/local/openca/openca/var/log/stderr.log)

The worst of it all is that due to the structure of the source code we
don't know exactly where we can try to find the origin of the trouble,
and what's more, we believe that it could be caused by some executable
and/or class which use openssl 0.9.7. We've been searching on the
Internet about this and we've found quite similar problems refering to
the program openca-sv, but our program has covered all the dependencies
in the 0.9.8a. version.

In conclusion, when you sign an approve request on the RA with a
certificate with strange characters (supported by utf8), the sign
doesn't work and you get the error we said before. If the certificate is
exported without signing, the sign in the CA works perfectly. In other
words, we think the problem may be in the OpenCA::PKCS7 class although
it's not the one which is pointed to by the error.

If anyone could tell us anything about what we can do or have a look at,
we would be really grateful.

Thank you very much.




-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to