Re: [Openca-Users] Problem with fingerprints beginning with a digit

Tue, 30 Mar 2010 07:47:10 -0700 

Hi Claus,

the AC code is a bit of a mess right now. I think it suffered from the
over-engineer complex... I think that the idea about the CERTIFICATE_SERIAL
being < 1 would identify the CA certificate which are treated differently
from the other certificates (because their serial numbers can be non-unique
due to renewal, etc..).

I am actually planning on completely rewriting the AC module and use a
simpler User oriented one that would allow CA managers to enable/disable
users to act as RA/CA/etc...

I will look into the problem and send a solution as soon as I have some
time to work on it... but if you find a working solution, please share
it with us... :D

Cheers,
Max


On 03/29/2010 08:49 AM, clau...@bayern-mail.de wrote:

Hi all,

i have a problem with ca_certificates whoes fingerprint starts with a
digit and i think its a bug.
I can't view the Cert, the listCert is ok.
After some debugging i located the problem in AC.pm.
In the 'sub getOwner'
.
.
      ## check for certificates
      if ( not $self->{acl}->{owner_method}) {
          $self->{acl}->{object} = "";
          $self->{acl}->{owner}  = "";
      } elsif ( $self->{acl}->{owner_method} =~ /^CERTIFICATE_SERIAL$/i ) {
          ## load serial
          if ( $self->{cgi}->param ($self->{acl}->{owner_argument})<  1 ) {
              ## CA_CERTIFICATE detected
-----
the last 'if' is false if the fingerprint (=ca_cert_key) starts with a digit.
Im am very confused about this check. What means here less the '1'?
In my understanding the first Parameter contains the fingerprint and
so a textstring - i'm wrong?

I admit that i'm not a expert in perl, but could you explain me the
purpose of these code lines?
Should it be a check against the serial of the Certificate?


I hope you can clarify my confusion

Thanks, Claus

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to