[openca-users:204] Re: Some bug modification of OpenCA-SNAP20001121

Tue, 16 Jan 2001 22:40:52 -0800 

Sorry, I forgot something:
I'm using Redhat6.2

4. in module OpenSSL  line 85
   $self->{binDir} = "/usr/bin"  changed to $self->{binDir} =
"/usr/local/ssl/bin"

5. the Makefile of OpenCA-SV-0.7.02
   BIN = /usr/bin   changed to    BIN = /usr/local/ssl/bin
   CRYPTO_LIB = -lcrypto  changed to  CRYPTO_LIB =
/usr/local/ssl/lib/libcrypto.a


----- Original Message -----
From: Song Yi <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, January 16, 2001 9:05 PM
Subject: [openca-users:202] Some bug modification of OpenCA-SNAP20001121


> Hi,
>     I am establishing a CA system for my university, just using the
> OpenCA-SNAP20001121. Through the work, I found some bugs in the soft:
>
> 1. in module OpenCA::REQ   line 260-264 was changed to
>                 ( $cn    ) = ( $textReq =~ /\nCN = (.*?)\n/i );
>                 ( $s     ) = ( $textReq =~ /\nS = (.*?)\n/i );
>                 ( $l     ) = ( $textReq =~ /\nL = (.*?)\n/i );
>                 ( $o     ) = ( $textReq =~ /\nO = (.*?)\n/i );
>                 ( $c     ) = ( $textReq =~ /\nC = (.*?)\n/i );
>    I add some "\n" because "/SERIAL =" will conflict with "/L =", then the
> locality $l get SERIAL's value.
>
>    Still the REQ module, I added some code after line 333
>                 ( $s     ) = ( $dn =~ /S=([^\,^\/]+)/i );
>                 if ( not $s ) {
>                         ( $s     ) = ( $dn =~ /ST=([^\,^\/]+)/i );
>                 }
>    Because sometime the ST represent State, such as the request generated
by
> MS IIS4.
>
>
> 2. in module OpenCA::OpenSSL   line 254
>      return defined;   should be return "defined"; or something
>    and line 460 should be delete, because openssl ca haven't this
parameter
>     $command .= "-inform " . uc($inform) ." ";
>
> 3. in /home/httpd/cgi-ca/ca    after line 1087 add the following:
>                         $op->{SIGNATURE} .= "<FONT COLOR=\"Green\">" .
>                                             "Valid Signature</FONT>";
>
>                         $dn = $info->{0}->{DN};
>                         $dn =~ s/\//, /g;
>                         $dn =~ s/^, //;
>
>                         $dn1 = $op->{DN};
>                         $dn1 =~ s/\//, /g;
>                         $dn1 =~ s/^, //;
>
>                         if ($dn1 ne $dn)  {
>
>    and delele the old line 1088.
>    This resolved the problem of not verifying signature correctly on
> CAServer.
>
>
>
> yours songyi
>
>
> _________________________________________________________________
> OpenCA - Users Support Mailing List       [EMAIL PROTECTED]
>


_________________________________________________________________
OpenCA - Users Support Mailing List       [EMAIL PROTECTED]

Reply via email to