Hi Ralf!
I got here some other enhancement for the ca.c program. This do:
* get the status (given the serial num) of a cert;
'openssl ca -config $conf -status 0c';
Added (ser_status) variable and get_certificate_status_db()
function;
* issue a certificate either if there is already a
valid certificate with that DN: this is because if we
want to issue a cert BEFORE the other one is expired,
we simply couldn't (let's not get the user irritated
because he cannot use services because of this).
* moved up the db reading routine so if the CA key is encrypted
we don't have to insert the passphrase to get a certificate
status.
Sorry if I do not send the diff format to the devel mailing-list, but I
lost(deleted) the original file, so... :-D
Thank you for your time and patience.
See you on the BitStream,
Massimiliano Pala ([EMAIL PROTECTED])
P.S.: It could be useful if you can specify the certs attribute at the
approval time (not only in the config file) with a '-ext "nsCert=wrewer"
or something like that. What do you think ? See you!
patched-ca-SNAP-19990417.tar.gz
