Hi all.

I have some problems with OpenCA and ocspd, and I can't understand whether they are my fault or not.

First, this is my configuration: Debian - Kernel 2.6.32-5-686. OpenCA, LibPKI, OCSP: all the latest versions, compiled from source. Single node configuration.

And now the errors:

1) Can't sign Certification Request and Revocation Request - when I go to my RA and try to approve a request and sign it, I have this error:
----
Cannot build PKCS#7-object from extracted signature!
OpenCA::PKCS7 returns errorcode 7911031
OpenCA::PKCS7->new: Cannot initialize signature (7912021).
OpenCA::PKCS7->initSignature: Cannot parse signature (7921021).
OpenCA::PKCS7->getParsed: The crypto-backend cannot verify the signature (7742075).
OpenCA::OpenSSL->verify: openca-sv failed.
[Error]: Digest mismatch. Signature is wrong.
[Info]: Input file intialized.
[Info]: Signaturefile initialized.
[Info]: Reading Certificate file.
[Info]: PKCS#7 object loaded.
[Info]: Data is ready for verification.
[Info]: Signature Informations (PKCS#7):
depth:1 serial:01 subject:CN=PolybiusLab Certification Authority,OU=PolybiusLab CA,O=PolybiusLab,C=IT
depth:0 serial:7CA82D50049C3C9EDA51 subject:CN=RA Operator,OU=Users,O=PolybiusLab CA,C=IT
[Info]: Signature is corrupt. Errorcode -1.
signature:error:-1
---
I tried with Firefox and IE8 and have the same error; with Chromium I can't use the cert.
Important: when I test the certificate from the pub interface everything is OK.

2) Can't view root CA certificate from CA/RA interface. When I click on the serial in Valid CA Certificate, the web server shows an error, and in the SSH console I found this dump:
*** stack smashing detected ***: /usr/bin/perl terminated
======= Backtrace: =========
/lib/i686/cmov/libc.so.6(__fortify_fail+0x50)[0xb7691e50]
/lib/i686/cmov/libc.so.6(+0xe0dfa)[0xb7691dfa]
/opt/openca-1.1.1/lib/openca/perl_modules/perl5/i486-linux-gnu-thread-multi/auto/DBD/mysql/mysql.so(+0x1ac74)[0xb6f70c74]
/opt/openca-1.1.1/lib/openca/perl_modules/perl5/i486-linux-gnu-thread-multi/auto/DBD/mysql/mysql.so(+0x6fa9)[0xb6f5cfa9]
/opt/openca-1.1.1/lib/openca/perl_modules/perl5/i486-linux-gnu-thread-multi/auto/DBD/mysql/mysql.so(XS_DBD__mysql__st_bind_param+0x1f9)[0xb6f6da39]
/opt/openca-1.1.1/lib/openca/perl_modules/perl5/i486-linux-gnu-thread-multi/auto/DBI/DBI.so(XS_DBI_dispatch+0x380d)[0xb716400d]
/usr/bin/perl(Perl_pp_entersub+0x52b)[0x80d5ddb]
/usr/bin/perl(Perl_runops_standard+0x18)[0x80d43b8]
/usr/bin/perl(perl_run+0x225)[0x80793b5]
/usr/bin/perl(main+0x14d)[0x806435d]
/lib/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xb75c7ca6]
/usr/bin/perl[0x8064171]

3) When the service starts up, this warning is in the stderr log:
Issuing rollback() due to DESTROY without explicit disconnect() of DBD::mysql::db handle database=openca;host=localhost;port=3306;mysql_ssl=0 at /opt/openca-1.1.1/lib/openca/perl_modules/perl5/OpenCA/DBI.pm line 900.
Issuing rollback() due to DESTROY without explicit disconnect() of DBD::mysql::db handle database=openca;host=localhost;port=3306;mysql_ssl=0 at /opt/openca-1.1.1/lib/openca/perl_modules/perl5/OpenCA/DBI.pm line 900.
Note: I have the mysql dev package.

4) Last but most important... I installed the ocspd server and configured it, but Chromium/Chrome/Firefox crash when they send a request to the service. I tried to send a request with openssl and all is OK.

[reskejal@artk-001 testca]$ openssl ocsp -issuer cacert.pem -CAfile cacert.pem -serial 0x80de28944c4a2bf06f04 -url http://192.168.2.11:2560
Response verify OK
0x80de28944c4a2bf06f04: revoked
    This Update: Feb 3 12:11:13 2012 GMT
    Next Update: Feb 4 12:16:13 2012 GMT
    Revocation Time: Feb 1 15:33:13 2012 GMT

[reskejal@artk-001 testca]$ openssl ocsp -issuer cacert.pem -CAfile cacert.pem -serial 0x00FA4425DB2898CF0515A9 -url http://192.168.2.11:2560
Response verify OK
0x00FA4425DB2898CF0515A9: good
    This Update: Feb 3 12:06:42 2012 GMT
    Next Update: Feb 4 12:11:42 2012 GMT

Now I use the OCSP responder of the openssl package as a service (a little script) and it works with all browsers.

5) When I request a revocation, the certificate is suspended, but when I try to cancel the request and restore the cert I have this error:
Error Code: 700
Error in restoring <<serial>> certificate!
and in the stderr.log:
DBD::mysql::st execute failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' revoked_after=NULL, invalidity_reason='', loa='2' where cert_key=58867576199501' at line 1 at /opt/openca-1.1.1/lib/openca/perl_modules/perl5/OpenCA/DBI.pm line 3309.

Thanks to all
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users