Hi,
I am establishing a CA system for my university, just using the
OpenCA-SNAP20001121. Through the work, I found some bugs in the soft:
1. in module OpenCA::REQ line 260-264 was changed to
( $cn ) = ( $textReq =~ /\nCN = (.*?)\n/i );
( $s ) = ( $textReq =~ /\nS = (.*?)\n/i );
( $l ) = ( $textReq =~ /\nL = (.*?)\n/i );
( $o ) = ( $textReq =~ /\nO = (.*?)\n/i );
( $c ) = ( $textReq =~ /\nC = (.*?)\n/i );
I add some "\n" because "/SERIAL =" will conflict with "/L =", then the
locality $l get SERIAL's value.
Still the REQ module, I added some code after line 333
( $s ) = ( $dn =~ /S=([^\,^\/]+)/i );
if ( not $s ) {
( $s ) = ( $dn =~ /ST=([^\,^\/]+)/i );
}
Because sometime the ST represent State, such as the request generated by
MS IIS4.
2. in module OpenCA::OpenSSL line 254
return defined; should be return "defined"; or something
and line 460 should be delete, because openssl ca haven't this parameter
$command .= "-inform " . uc($inform) ." ";
3. in /home/httpd/cgi-ca/ca after line 1087 add the following:
$op->{SIGNATURE} .= "<FONT COLOR=\"Green\">" .
"Valid Signature</FONT>";
$dn = $info->{0}->{DN};
$dn =~ s/\//, /g;
$dn =~ s/^, //;
$dn1 = $op->{DN};
$dn1 =~ s/\//, /g;
$dn1 =~ s/^, //;
if ($dn1 ne $dn) {
and delele the old line 1088.
This resolved the problem of not verifying signature correctly on
CAServer.
yours songyi
_________________________________________________________________
OpenCA - Users Support Mailing List [EMAIL PROTECTED]
